Re: linux newbie: how to stop port scan abuse?
From: Warren E Bullock III (wbullock@twcny.rr.com)
Date: 11/10/02
From: "Warren E Bullock III" <wbullock@twcny.rr.com> Date: Sun, 10 Nov 2002 03:01:22 GMT
I would recommend converting to the IPTABLES firewall and from there create
some rules that do not allow forwarding through your system unless it is an
Established or Related service connection. There is a lot you can do with
IPTABLES that I am not going to tell you about in this message because it
would take me two weeks! The main thing you need to do right now is ditch
the dead wood (ipchains) and employ iptables. Take a look at this tutorial
to get you started with IPTABLES:
http://www.netfilter.org/documentation/tutorials/blueflux/iptables-tutorial.html
There is a script you can use that the author provides. You will need to
type the script into a text editor and then execute the file as a shell
script:
First though you need to stop ipchains and unload the module from the
kernel:
#chkconfig --level 12345 ipchains off
#modprobe -r ipchains
Now you can use the script that you got and run it with the following
commands to set your new firewall up:
#chkconfig --level 345 iptables on
#chmod 700 -v <the_file>
#sh ./<the_file>
#iptables-save > /etc/sysconfig/iptables
Restart your machine and you should see the boot up process tell you that
iptables is now the active firewall.
-Warren E Bullock III
wbullock@twcny.rr.com
"2Host.com - Robert" <admin@-NOSPAM-2host.com> wrote in message
news:3DCDB60F.A0E8532E@-NOSPAM-2host.com...
>
>
> Dan Bozinov wrote:
> >
> > Hi,
> >
> > I have recently installed a small webserver (under redhat 7.3) and
> > tried to keep it as secure as possible. I consider myself more as a
> > windows person with some unix experience. Yesterday I got an email
> > from somebody, that his server has been port scanned from my ip
> > address. I am currently the only legitimate user on my system and I
> > definitely don't want to cause anybody a headache so could someone
> > please tell me how to secure my system so that it doesn't become a
> > gate for hackers or script kiddies? How can I keep track of what's
> > going out from my pc (log files?) or if there are any vulnerabilities
> > left? Thanks for your help...
> >
> > Dan
>
> Unfortunately there is a lot involved and it's nothing someone can just
> provide you with a "do this" step-by-step guide. It's involved and
> relevant to your set up. There are some books and web sites that can
> help provide you with some insight though. I don't know of any off the
> top of my head, but there's a lot of information out there to be had.
> Once you start reading them, you can apply whatever methods you wish to
> protect your system and set it up to provide the functionality and
> features you want, yet still be secure from compromises and things of
> this nature as well.
> --
> Regards,
> Robert McGregor - Email: admin@(remove)2host.com. Phone: 530-941-0690
> Server admin, support & programming for shared & dedicated web servers
> Secure, reliable hosting you expect and deserve! http://www.2host.com
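
The policy recommended in this message (nothing is forwarded unless it belongs to an ESTABLISHED or RELATED connection), together with logging of new outbound connections as asked about in the original question, as an added example that is not part of the message or of the linked tutorial's script. The port list, log prefix and rate limit are assumptions; `-m conntrack --ctstate` is the current spelling of the older `-m state --state` match.

```shell
#!/bin/sh
# Added example: build an iptables-restore ruleset for a single-homed web
# server that is not meant to route traffic for anyone else.
# Assumptions: inbound TCP ports are passed as arguments; the log prefix
# and the 30/min limit are illustrative values.

valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;   # reject empty or non-numeric input
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# emit_ruleset PORT... : print the ruleset on stdout, fail on a bad port.
emit_ruleset() {
    for p in "$@"; do
        valid_port "$p" || { echo "bad port: $p" >&2; return 1; }
    done
    # Default-deny inbound and forwarded traffic; replies to connections
    # this host already has open are let back in.
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
    # One rule per published service port.
    for p in "$@"; do
        echo "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    # FORWARD passes only established/related traffic, so no new connection
    # can be relayed. New outbound connections are written to the kernel
    # log (rate-limited), which makes a scan leaving this host visible.
    cat <<'EOF'
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate NEW -m limit --limit 30/min -j LOG --log-prefix "OUT-NEW: "
COMMIT
EOF
}

# Print the ruleset when ports are given on the command line.
if [ "$#" -gt 0 ]; then emit_ruleset "$@"; fi
```

Saved under a hypothetical name such as fw.sh, the output can be checked with `sh fw.sh 22 80 | iptables-restore --test` before it is loaded for real.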