LinuxQuestions.org
LinuxAnswers - the LQ Linux tutorial section.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 10-28-2007, 12:42 AM   #1
lmcilwain
Member
 
Registered: Dec 2003
Location: Maryland
Distribution: Fedora 14
Posts: 367

Rep: Reputation: 30
Block port 22 for specific IP's


Hello all,

Is it possible/easy to block port 22 for specific IPs using the terminal or some application? Right now I have it open to the world and its bothering me to see all the break-in attempts.

I need it so I can get to my systems from anywhere outside of my network.

I have not been able to successfully implement a VPN so I am using firestarter right now and it will allow me to block port 22 all together unless its from a specific IP but that is only good if I am in one specific place. Great for security but not very flexible.
 
Old 10-28-2007, 12:53 AM   #2
lasantha
Member
 
Registered: Oct 2005
Location: Sri Lanka
Distribution: Red Hat, Cent OS
Posts: 38

Rep: Reputation: 16
IPTABLES its easy. http://www.netfilter.org/projects/iptables/index.html
 
Old 10-28-2007, 01:57 AM   #3
Kahless
Member
 
Registered: Jul 2003
Location: Pennsylvainia
Distribution: Slackware / Debian / *Ubuntu / Opensuse / Solaris uname: Brian Cooney
Posts: 503

Rep: Reputation: 30
super easy solution:


edit your /etc/ssh/sshd_config file


change your ssh port to any non standard port so it isn't detected by every port scanner that passes over your subnet

you will need to just add the -p flag when you log in to tell your client what arbritary port you moved the server to. Pick something that no standard services run on of possible

DISABLE ssh v1

disable root login, or better yet restrict it to ONLY the user or users that you log in as. DEFIANTLY DISABLE ROOT LOGIN


You should see your break in attempts drop to next to nothing once port scanners start seeing a closed or stealth port 22.


Security by obscurity is stupid, but so is actively advertising that you have something to break into. By hiding your already secure service, you only make things better
 
Old 10-28-2007, 06:22 AM   #4
routers
Member
 
Registered: Aug 2005
Location: Malaysia - KULMY / CNXTH
Distribution: Slackware, Fedora, FreeBSD, Sun O/S 5.10, CentOS
Posts: 771
Blog Entries: 6

Rep: Reputation: 75
another easy way is open your /etc/hosts.deny and add below if dont have then create it
ALL:ALL

then open your /etc/hosts.allow and add
sshd:192.168.1* 216.218.1.10

these sample
 
Old 10-28-2007, 07:41 AM   #5
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Quote:
Originally Posted by lmcilwain View Post
Is it possible/easy to block port 22 for specific IPs using the terminal or some application? Right now I have it open to the world and its bothering me to see all the break-in attempts.
Yes, you can easily deny access to port 22 from specific IPs like:
Code:
iptables -I INPUT -p TCP --dport 22 -s $BAD_IP_GOES_HERE -j DROP
But you would probably be much better-off having this happen automatically for those IPs trying to "break in". That is where tools like Fail2Ban come in. Also, as has already been said, changing SSHD to listen on a non-default port can drastically reduce the amount of automated brute-force attacks you experience. See the Failed SSH login attempts sticky at the top of the forum for more info.

Last edited by win32sux; 10-28-2007 at 07:44 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
IPTABLES BLOCK ALL NON-US IP's cachemonet Linux - Security 3 06-14-2006 04:57 PM
how to restrict download from internet for specific ip's only deepak rawat Linux - Networking 1 04-27-2006 08:27 AM
Find IP's in use in a particular block kegwell Linux - Networking 1 07-14-2004 06:22 AM
Allow SSH from specific IP's ONLY. m15a4 Linux - Security 3 12-29-2003 05:02 AM
Port 80 -- How to block from one specific domain? (RedHat 7.0) jcroft Linux - Security 1 02-17-2002 04:50 PM


All times are GMT -5. The time now is 12:51 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration