RE: Need some help on security

From: Laust S. Jespersen (freebsd-security_at_ust.dk)
Date: 01/11/04

    To: <freebsd-security@freebsd.org>
    Date: Sun, 11 Jan 2004 01:01:56 +0100
    
    

    Hi David,
    > How about to use ipfw.ko?
    What Taras is suggesting here is for you to use the loadable kernel
    module version of ipfw.

    For more information on loadable kernel modules see "man kldload".
    Something along the lines of:
    "kldload ipfw && ipfw add 65334 allow ip from any to any"
    The last part (ipfw and so on) should let you keep your
    connection to the server if you're not on via a local console.
    Also "man ipfw" is a fantastic manpage.

    With regard to the attacks on your webserver, there is the option of
    firewalling it out (i.e. ipfw add 10000 deny ip from x.x.x.x to me)
    or using Apache's built-in access.conf mechanism.

    You could do something in your access.conf along the lines of:
    <Location />
        Order Allow,Deny
        Allow from all
        Deny from 211.233.89.189
    </Location>

    Personally I'd go with the firewalling, although sometimes it is
    not practical if the websites in question are not your own.

    Lastly, just to ease your mind, all the attacks in your original mail
    are IIS attacks and as such should not work on your webserver :)
    To illustrate from my own logfiles :)
    me@my:/var/log>grep -E '(root|cmd)\.exe' httpd-error.log|wc -l
       27938
    Hope this helps.

    Med venlig hilsen / Best Regards
    Laust Jespersen

    http://www.ust.dk
    ======================================================================
    Viking Rule of Acquisition 1: Remember where you beached the long ship
    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
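
The log check and the firewall option from the mail above, combined in an added example that is not part of the original message: it counts root.exe/cmd.exe probes per client and prints (does not run) matching ipfw deny rules. The log lines are constructed, the addresses are documentation ranges, and the function names, threshold and starting rule number are assumptions.

```sh
#!/bin/sh
# Added example. Constructed Apache error-log lines; client addresses come
# from the documentation ranges 192.0.2.0/24 and 198.51.100.0/24.
sample_log() {
cat <<'EOF'
[Sun Jan 11 00:12:01 2004] [error] [client 192.0.2.10] File does not exist: /usr/local/www/data/scripts/root.exe
[Sun Jan 11 00:12:02 2004] [error] [client 192.0.2.10] File does not exist: /usr/local/www/data/c/winnt/system32/cmd.exe
[Sun Jan 11 00:12:03 2004] [error] [client 192.0.2.10] File does not exist: /usr/local/www/data/d/winnt/system32/cmd.exe
[Sun Jan 11 00:15:40 2004] [error] [client 198.51.100.7] File does not exist: /usr/local/www/data/MSADC/root.exe
[Sun Jan 11 00:20:11 2004] [error] [client 198.51.100.23] File does not exist: /usr/local/www/data/downloads/demo.exe
[Sun Jan 11 00:21:30 2004] [error] [client 198.51.100.23] File does not exist: /usr/local/www/data/favicon.ico
EOF
}

# Keep only lines naming root.exe or cmd.exe. Alternation needs -E and a
# group; a bracket expression such as [root|cmd] matches one character only
# and would also count the demo.exe line. The dot is escaped on purpose.
probe_lines() {
    grep -E '/(root|cmd)\.exe'
}

# Emit "count ip" per client, busiest client first.
probes_per_client() {
    probe_lines |
      sed -n 's/.*\[client \([0-9.]*\)\].*/\1/p' |
      sort | uniq -c | sort -k1,1nr -k2 | awk '{print $1, $2}'
}

# Print ipfw deny rules for clients with at least $1 probes, numbered from
# $2 in steps of 10. Output is for review; nothing is applied here.
deny_rules() {
    probes_per_client | awk -v min="$1" -v n="$2" \
      '$1 >= min { printf "ipfw add %d deny ip from %s to me\n", n, $2; n += 10 }'
}

sample_log | probes_per_client
sample_log | deny_rules 2 10000
```

On a real host, replace `sample_log |` with `cat httpd-error.log |` and review the printed rules before adding any of them.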