Re: iptables & tcp wrappers

From: Francisco R. Romo Alfaro (fcoromo_at_opensys.com.mx)
Date: 09/28/04

  • Next message: secmgr: "Re: iptables & tcp wrappers"
    To: focus-linux@securityfocus.com
    Date: Tue, 28 Sep 2004 16:00:43 -0500
    
    

    On Fri, 2004-09-24 at 15:57, Meatplow wrote:
    > -----BEGIN PGP SIGNED MESSAGE-----
    > Hash: SHA1
    >
    >
    > Hello.
    >
    > I'm running RH Enterprise edition.
    >
    > I'm relatively new to iptables. I am getting the common intrusion
    > attempts with some of the common uses of test/guest/root/ and a
    > couple others I've been able to add the IPs to the to iptables.,
    > but

    Im getting also frequent attempts to log into ssh on some servers using
    those exact usernames from different ip's. Its it a worm or just some
    new h4x0r tool ? anyone ?

    > I'd really like a log that tells me the info that I want to know.

    What info do you want to know ?

    > My basic input command is this :
    > #iptables -A INPUT -p tcp -s PUT_IP_HERE -d 0/0 --syn -j DROP
    >
    > iptables seem a little convoluted. Example. To delete a line -
    > supposedly give it a line and it will be deleted/modified. My
    > problem is even with #iptable -L -v there is no line number ?

    I dont know about line nnumbers but you could try just deleting the
    existing rule like this:

    #iptables -D INPUT -p tcp -s PUT_IP_HERE -d 0/0 --syn -j DROP

    with a "-D" instead of a "-A"

    > My goal is to block all incoming ssh attempts except IP#.
    > This is where I got into hosts.allow/deny as mentioned below.

    If this server running RH Enterprise is some kind of firewall with two
    or more network interfaces, you could configure the SSH daemon so it
    justs listens and accepts connections from your internal (and trusted)
    network, just by editing:

    /etc/ssh/sshd_config

    And of course, after that, restating the service.

    Good luck!


  • Next message: secmgr: "Re: iptables & tcp wrappers"

    Relevant Pages

    • iptables & tcp wrappers
      ... I'm running RH Enterprise edition. ... I'm relatively new to iptables. ... I am getting the common intrusion ... My basic input command is this: ...
      (Focus-Linux)
    • RE: iptables & tcp wrappers
      ... I'm running RH Enterprise edition. ... I'm relatively new to iptables. ... I am getting the common intrusion ... My basic input command is this: ...
      (Focus-Linux)
    • RE: iptables & tcp wrappers
      ... It is a nice wrapper for iptables. ... > Hash: SHA1 ... > I'm running RH Enterprise edition. ... > My basic input command is this: ...
      (Focus-Linux)
    • Re: Firestarter: how to auto start it?
      ... I had some problems with firestarter, so I decided to write my own iptables script. ... I'd suspect that one of your network interfaces is not available when the /etc/init.d/firestarter is invoked. ... I'm not knowledgeable about firestarter, but the GUI should make it easy to configure the firewall. ...
      (Debian-User)