LinuxQuestions.org
Old 09-19-2004, 08:03 AM   #1
sohmc
Member
 
Registered: Aug 2002
Location: Alexandria
Distribution: ubuntu 12.04.2
Posts: 217

Rep: Reputation: 30
block ip address/hosts


Grr...I've seen a couple of threads here about script kiddies trying to hack into systems.

I got a hostname of someone who was probing my root password. Some dork from .jp.

Is there a way that I can block their IP address from trying again? I'm not very familiar with ipchains. I want something quick and painless.

(Aside: )
I would love to see a script that creates some sort of feedback loop; script kiddies attempt to hack, a daemon responds by hacking the kiddie with a DOS attack, making sure they won't compromise anyone else.

Just a thought. REVENGE OF THE GEEKS!

Viva la TUX!

Last edited by sohmc; 09-19-2004 at 08:04 AM.
 
Old 09-19-2004, 08:39 AM   #2
ppuru
Senior Member
 
Registered: Mar 2003
Location: Beautiful BC
Distribution: RedHat & clones, Slackware, SuSE, OpenBSD
Posts: 1,791

Rep: Reputation: 46
Sohmc, with kernel 2.4 and up, iptables is the preferred firewall.

I am not sure if you already have any iptables rules set.

You can however add

iptables -A INPUT -i eth0 -s <dork's ip> -j DROP
and
iptables -A FORWARD -i eth0 -s <dork's ip> -j DROP

This should take care of DorkSan.

If you have any particular service under attack, say sshd, you can put an entry in your /etc/hosts.deny as

sshd: <dork's IP>
ALL: <dork's IP>

This will deny dork from accessing any of your services that are listening on the net.
 
Old 09-19-2004, 08:41 AM   #3
sohmc
Member
 
Registered: Aug 2002
Location: Alexandria
Distribution: ubuntu 12.04.2
Posts: 217

Original Poster
Rep: Reputation: 30
Thanks. Hopefully this will take care of that!

EDIT:
Will iptables save this information and reload it? Or do I need to add a line to my rc.local?

Last edited by sohmc; 09-19-2004 at 08:43 AM.
 
Old 09-19-2004, 11:13 AM   #4
ppuru
Senior Member
 
Registered: Mar 2003
Location: Beautiful BC
Distribution: RedHat & clones, Slackware, SuSE, OpenBSD
Posts: 1,791

Rep: Reputation: 46
As I see Fedora Core listed as your distribution, I assume you use Fedora Core 1.

Do you already have any iptables rules?

You can check that by running the following command as root

/sbin/iptables -nvL

You can run

/sbin/service iptables save

to save your iptables rules to be loaded at boot.
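
Added example, not part of the thread or written by its posters: a shell sketch that finds the sources of repeated failed root logins in an sshd log and prints the iptables and hosts.deny blocks from post #2 for them. It assumes the OpenSSH syslog message "Failed password for root from IP port N ssh2"; the function names, the threshold of 3, the allowed address and the sample log are all constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list sources of repeated failed root
# logins and print the blocks from post #2. It prints only; nothing is changed.

# Constructed sample log; addresses are documentation ranges, names invented.
sample_log() {
cat <<'EOF'
Sep 19 07:58:01 box sshd[2101]: Failed password for root from 203.0.113.9 port 4101 ssh2
Sep 19 07:58:03 box sshd[2103]: Failed password for root from 203.0.113.9 port 4102 ssh2
Sep 19 07:58:05 box sshd[2105]: Failed password for root from 203.0.113.9 port 4103 ssh2
Sep 19 08:01:11 box sshd[2110]: Failed password for root from 198.51.100.7 port 3301 ssh2
Sep 19 08:02:40 box sshd[2112]: Accepted password for alice from 192.0.2.10 port 5022 ssh2
Sep 19 08:03:02 box sshd[2115]: Failed password for root from 192.0.2.10 port 5023 ssh2
Sep 19 08:03:04 box sshd[2117]: Failed password for root from 192.0.2.10 port 5024 ssh2
Sep 19 08:03:06 box sshd[2119]: Failed password for root from 192.0.2.10 port 5025 ssh2
EOF
}

# offenders THRESHOLD [ALLOWED_IP...]
# Reads sshd log lines on stdin; prints each source address with at least
# THRESHOLD failed root logins, skipping addresses you list as allowed.
offenders() {
    threshold=$1; shift
    awk -v min="$threshold" -v allow=" $* " '
        # Match the whole sshd message up to end of line, so only the address
        # sshd itself logged after "from" is ever used.
        / sshd\[[0-9]+\]: Failed password for root from [0-9.]+ port [0-9]+ ssh2$/ {
            ip = $(NF - 3)
            if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
            if (index(allow, " " ip " ")) next
            count[ip]++
        }
        END { for (ip in count) if (count[ip] >= min) print ip }
    ' | sort
}

# block_rules: addresses on stdin -> the commands and hosts.deny line from post #2.
# -A appends: an earlier ACCEPT in the chain still wins (check with iptables -nvL).
# eth0 is the interface used in the thread.
block_rules() {
    while read -r ip; do
        echo "iptables -A INPUT -i eth0 -s $ip -j DROP"
        echo "iptables -A FORWARD -i eth0 -s $ip -j DROP"
        echo "# /etc/hosts.deny  ALL: $ip"
    done
}

# 192.0.2.10 stands for the admin's own address, so it is never blocked.
sample_log | offenders 3 192.0.2.10 | block_rules
```

Review the printed lines before running any of them as root, and keep your own address in the allowed list so a few mistyped passwords cannot lock you out.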
 
  


All times are GMT -5. The time now is 05:34 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration