Configure iptables to not log certain hits
From: M_F_H (no_one_at_example.com)
Date: 09/02/05
- Next message: Llanzlan Klazmon: "Re: Configure iptables to not log certain hits"
- Previous message: Proteus: "How do I use tripwire?"
- Next in thread: Llanzlan Klazmon: "Re: Configure iptables to not log certain hits"
- Reply: Llanzlan Klazmon: "Re: Configure iptables to not log certain hits"
Date: Thu, 01 Sep 2005 22:15:53 -0400
My Fedora Core 4 firewall logs are filled with annoying attempts
to find open ports 1026 or 1027. Evidently, they are looking
for unpatched MS IIS servers, which they obviously won't find on
my machine. I would like to stop the logging of their pings. Here
are the options I'm considering:
1. Create a script that would parse my firewall logs for IP
addresses that ping my computer for these ports, then modify the
routing table with a command such as this:
route add -host 123.123.123.123 reject
Doing this would certainly stop their ping attempts, but it also
eliminates all communication with that IP address, such as http
(port 80). Perhaps this is the reason that the manpage
discourages using the routing table as a super-strength firewall.
2. Create a script similar to DenyHosts.py, which parses firewall
logs for ssh login attempts, then uses the DenyHosts
configuration to decide which IP addresses to add to the
/etc/hosts.deny file. In my script, I would parse firewall logs
for IPs that tried to ping me at ports 1026 or 1027, then add
them to /etc/hosts.deny. I do not believe this will stop the log
entries from being made because hosts.deny is consulted only when
an xinetd-controlled program is initiated, such as ssh, ftp, etc.
3. Add an iptables command that stops logging events that relate
to port 1026 or 1027. This option appeals to me, but I have one
concern. Suppose an authorized person uses scp to copy files
to/from my machine, and in the process is assigned port 1027 to
form the secure connection. Unless carefully crafted, the
iptables command could result in scp connections not being logged.
So, here are my questions:
1. What iptables command should I use to block the log entries?
Bear in mind that I'm a newbie when it comes to manipulating
netfilter with the iptables command.
2. Is there a way to prevent programs like scp from choosing a
specific port range when establishing a connection?
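One way to address option 3 and the scp concern, as an added example that is not part of the original post or its replies: the INPUT chain accepts replies to connections this host opened before anything else, silently drops only NEW connections to 1026-1027, and leaves the existing log-then-drop behaviour for everything else. The chain layout, the "FIREWALL: " log prefix, the rate limit and the IPT variable (set it to echo for a dry run) are assumptions.

```shell
#!/bin/sh
# Added example; assumes iptables with the state, limit and LOG modules.
# IPT names the command that receives the rules; IPT=echo prints them
# instead of loading them, which is how the ordering is checked below.
IPT="${IPT:-iptables}"
QUIET_PORTS="1026:1027"

# Emit the INPUT rules in the order netfilter evaluates them.
quiet_port_rules() {
    # 1. Return traffic for connections this host opened is accepted first,
    #    so an scp session whose local side happened to get port 1027 is
    #    never silenced: it is ESTABLISHED, not NEW, when packets arrive.
    "$IPT" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # 2. Unsolicited (NEW) hits on the noisy ports are dropped without a
    #    log entry. Inbound scp is a NEW connection to port 22, so it is
    #    not matched here and still reaches the log rule below.
    "$IPT" -A INPUT -p tcp --dport "$QUIET_PORTS" -m state --state NEW -j DROP
    "$IPT" -A INPUT -p udp --dport "$QUIET_PORTS" -m state --state NEW -j DROP
    # 3. Everything else that is unsolicited is logged (rate-limited) and
    #    then dropped, as before.
    "$IPT" -A INPUT -m limit --limit 5/min -j LOG --log-prefix "FIREWALL: "
    "$IPT" -A INPUT -j DROP
}

# Position (1-based) of the first dry-run rule matching PATTERN, so the
# order of the silent drop relative to the LOG rule can be verified
# without touching the kernel.  Prints nothing if no rule matches.
rule_position() {
    (IPT=echo; quiet_port_rules) | grep -n -- "$1" | head -n 1 | cut -d: -f1
}
```

Run `quiet_port_rules` as root to load the rules, or call it with IPT=echo in the environment to review them first; `rule_position 'dport 1026:1027'` returns 2, which is before the LOG rule at position 5.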