Comments:
<0> Hello
<1> there you are. you keep going away. i figured i'd try to catch yer attention.
<0> Oh, how so?
<1> ................... by saying hi
<0> Ahh
<0> hehe ^.^
<2> can someone please tell me what this here would do
<2> iptables -N randomdrop
<2> iptables -A randomdrop -m random --average 50 -j DROP
<2> iptables -A randomdrop -j REJECT
<2> these 3 lines
<3> Nothing :-) randomdrop is nowhere jumped to.
<3> If it was, 50% of all packets would silently be dropped, while all others would be rejected (eg. the other host is signalled that the connection is now dead.)
<2> hmm
<2> okz
<3> That means this would cause maximum PITA to the guy using a "connection." Though it would be more perfect if it wasn't 50%, but something like 95%.
<3> That way, there's a chance to even make it all the way through the TCP three-way handshake for establishing a connection.
<3> Such a connection would be slllllooooooooooooowwwwwwww, painfully slllooooooowwwww and would break every now and then.
<2> got cha, thanks man
<4> what are some good iptables rules to put in
<4> to stop most attacks / scans
<3> A good attack stopper first of all is a non-vulnerable application, so watch out for known bugs.
<4> what can I use?
<3> Read the mailing lists for all the running server applications?
<4> where's that?
<3> You name it -- I don't know all the server applications you're planning to run on your box...
<4> is there a rule I can put in to stop ssh access for 5 minutes if there are 2 unsuccessful login attempts
<3> So if there's a PostgreSQL server running publicly accessible, you read its announce, help and devel lists.
<4> im just running ssh and apache
<4> and ipmasq
<2> jbglaw how about blocking all those " irc pings " ? b***ic stop being flooded
<4> how do I do that?
<3> Then you'd first of all read the lists for ssh, libssl and the apache mailing lists (plus those for specific modules).
<4> what for?
<4> how can I stop ssh access for 5 minutes if there are 2 unsuccessful login attempts
<4> to stop bruteforce attempts
<5> norskfjord, don't repeat. read: http://rafb.net/paste/results/P1FHnh63.html
<2> jbglaw any idea about my question ?
<3> That's application-level stuff and not implemented (neither in iptables nor in ssh), but there are scripts available that scan syslog files and generate iptables rules on the fly.
<3> DistroWatch: No. Didn't ever use that, and I'm not being flooded by that, so I don't care :)
<4> like?
<2> jbglaw well i am :) so i do care
<2> im sure there is a way to protect myself against that
<3> google://"script linux iptables ssh brute force"
<3> norskfjord: You can do simple searching as well.
<2> http://easyfwgen.morizot.net
<2> norskfjord have a look here, might help
<3> DistroWatch: Hey, let him do the homework himself!
<2> aight then
<4> http://rafb.net/paste/results/P1FHnh63.html
<4> so what do I do with that?
<5> norskfjord, if you don't understand that, read the iptables tutorial in the topic, it's like driving an Evo 9 without knowing how to shift gears
<3> norskfjord: Strong ACK. They'll compromise your box faster than you can look at it if you're not yet able to understand simple scripts of firewall rules.
<1> even if you know how to shift, it can sometimes go less than smoothly
<3> DistroWatch: Btw., this also hunts down lots of successful connections, doesn't it?
<1> in an evo 9!
<3> :)
<2> jbglaw this what ?
<3> The script you pasted.
<3> If I run a script under ssh-agent (so auth'ing with keys), I can easily establish 1000 connections per minute :)
<2> jbglaw i didn't paste any script, i only pasted a web site where he can create iptables scripts ... Easy Firewall Generator for IPTables
<2> http://easyfwgen.morizot.net/gen/
<2> iptables -A icmp_packets -s 127.0.0.1, 127.0.0.2 -p icmp -m icmp --icmp-type 8 -j ACCEPT
<2> is this right ? 127.0.0.1, 127.0.0.2 ?
<2> how will i put more ip's ? ip "," ip or how ?
<2> i want to drop all ping requests except from my own server
<3> DistroWatch: Dropping PINGs (or any ICMP for what it's worth) is a totally dumb idea.
<3> It doesn't gain you anything but will hurt you _severely_ if you _ever_ need to debug broken network connectivity.
<6> http://seclists.org/lists/nmap-hackers/2006/Jan-Mar/0002.html
<2> jbglaw hmm so how will i protect myself from " being flooded on irc " ?
<6> you can't
<2> hm sounds funny
<3> DistroWatch: ICMP PING != IRC PING.
<2> there should be a way to drop all the packets coming from the same host that sends more than 5 packets in 1 min or something like that ;)
<3> That's dumb too.
<2> :)))
<3> Consider the case where somebody is on a network that requires a quite small MTU.
<3> Its gateway will play the Path MTU discovery game, settle on 60 bytes and even one long IRC line will reach you as 10 packets.
<3> Boom.
<2> i will check what google says :)) didn't find anything yet :(
<2> jbglaw how do you protect yourself from being flooded on irc ?
<3> I don't.
<2> if you don't then you can be " disconnected " anytime they want to :)
<3> Nobody floods me :)
<2> well depends what channels you join :)
<3> I don't join the child porn channels :)
<2> anyway .. there are a couple of guys that i know .. and every time they told me i'm going to get " disconnected " that was true
<3> Reminds me of the stories that some guy announced to crack any given box.
<2> you know ... i don't really think that he's got a good internet connection . but he did disconnect me from the net many times ... i mean not properly disconnected .. just lagged :))
<2> hell no
<3> He was told to try to bring 127.0.0.1 down--which he did. "Disconnected."
<2> so there is nothing i can do to stop him ?
<2> i did ignore him :))
<2> doesn't matter
<2> he must use some kind of hacking tool :))
<2> i don't think that " ping ip " can do this no matter what ping option you use
<1> IP HI-YA!
<1> oops meant for #ipkungfu
<7> heya
<8> trappist: Hello, you non pingable person. :)
<8> trappist: A little question about .st. Can you update your dns-info on nic.st?
<7> non pingable?
<7> I can delegate a dns server, if that's what you mean
<8> trappist: Been trying to get a reply from you several times. :)
<8> trappist: Hm... K. :/
<8> -a
<9> Hi
<9> I want to redirect port 110 to 10022 (on the same machine, if it comes from a specific IP). What is the way to do it?
<10> REDIRECT target, in the nat table
<9> but if it is on the same machine, is it mandatory to use NAT?
<8> trappist: Have you tried to update/change anything? ( edit DNS info/Update Domain / DNS update )
<7> I haven't found an interface to just give them my IP and let them handle dns, but I was able to set it up to use dyndns.org as the dns server
<9> danieldg: is it mandatory to use the NAT table?
<10> yalsu: I think so
<9> is this ok?
<9> iptables -t nat -A PREROUTING -i eth0 -s 193.16.43.253 -d 65.111.164.248 -p tcp --dport 110 -j DNAT --to-port 65.111.164.248:10022
<9> -j DNAT instead of -j REDIRECT?
<10> -j REDIRECT --to-port 10022
<9> ok, and is this ok too?
<9> -j DNAT --to-destination
<9> -j DNAT --to-destination 65.111.164.248:10022
<10> yes, but don't use that to redirect to localhost
<9> ahh ok ok
<9> what is the difference?
<10> the packet goes into INPUT or FORWARD
<9> the last question :)
<9> iptables -t nat -A PREROUTING -i eth0 -s 193.16.43.253 -d 65.111.164.248 -p tcp --dport 110 -j REDIRECT --to-port 10022
<9> is it ok now? :)
<10> yes
<9> thanks!!