06-24-2009, 05:01 AM   #1
shahid khan
LQ Newbie
 
Registered: Jun 2009
Posts: 6

Rep: Reputation: 0
How to Block a site in a Firewall or Router by Protocol wise & host wise.


Hi,

I would like to know the blocking method in a firewall or a router.

Whether it will be done protocol-wise, how?
Or will it be done host-wise, how?

Can someone help?

Regards,

Shahid Khan
 
06-24-2009, 07:20 AM   #2
tronayne
Senior Member
 
Registered: Oct 2003
Location: Northeastern Michigan, where Carhartt is a Designer Label
Distribution: Slackware 32- & 64-bit Stable
Posts: 3,042

Rep: Reputation: 761
If you have a router that is capable of blocking individual addresses (your router's manual should tell you that), then, sure... my routers do not have that capability, however, so I do it a different way.

If you look at your logs, possibly /var/log/messages, you may see entries like these:
Code:
Jun 23 11:25:32 fubar sshd[3937]: Failed password for root from 174.129.94.87 port 47665 ssh2
Jun 23 11:25:33 fubar sshd[3939]: Failed password for root from 174.129.94.87 port 47721 ssh2
Jun 23 11:25:33 fubar sshd[3941]: Invalid user sami from 174.129.94.87
Jun 23 11:25:33 fubar sshd[3941]: Failed password for invalid user sami from 174.129.94.87 port 47797 ssh2
Jun 23 11:25:34 fubar sshd[3943]: Failed password for root from 174.129.94.87 port 47855 ssh2
Jun 23 11:25:35 fubar sshd[3945]: Failed password for root from 174.129.94.87 port 47922 ssh2
Jun 23 11:25:35 fubar sshd[3947]: Invalid user oracle from 174.129.94.87
Jun 23 11:25:35 fubar sshd[3947]: Failed password for invalid user oracle from 174.129.94.87 port 47978 ssh2
Jun 23 11:25:36 fubar sshd[3949]: Failed password for root from 174.129.94.87 port 48036 ssh2
The above are some of the 39 actual log entries showing some bastard trying to break into my systems. I run a utility, DenyHosts, http://denyhosts.sourceforge.net, that looks for these kinds of things and makes entries in /etc/hosts.deny; e.g.,
Code:
# DenyHosts: Tue Jun 23 11:25:55 2009 | sshd: 174.129.94.87
sshd: 174.129.94.87
Once that entry is in /etc/hosts.deny, /var/log/messages will show
Code:
Jun 23 11:25:56 fubar sshd[4010]: refused connect from 174.129.94.87 (174.129.94.87)
and that's the end of that -- no more access.

There's another way too: use iptables:
Code:
#Block cn.zone
iptables -A INPUT -s 58.14.0.0/15 -j DROP
iptables -A INPUT -s 58.16.0.0/16 -j DROP
iptables -A INPUT -s 58.17.0.0/17 -j DROP
iptables -A INPUT -s 58.17.128.0/17 -j DROP
iptables -A INPUT -s 58.18.0.0/16 -j DROP
iptables -A INPUT -s 58.19.0.0/16 -j DROP
iptables -A INPUT -s 58.20.0.0/16 -j DROP
iptables -A INPUT -s 58.21.0.0/16 -j DROP
iptables -A INPUT -s 58.22.0.0/15 -j DROP
These sample entries block domains in China (there are over 1,500); I do country blocks for the worst ones (China and Korea). These entries block an entire range of addresses. If you want to do this, you can go to http://www.countryipblocks.net and download entries for whatever countries you want to block.

/etc/hosts.deny (see man 5 hosts_access) is a relatively simple, effective way of keeping the bad actors out of your system. iptables, too, is relatively simple and effective. If you install DenyHosts, you can semi-automagically take care of much of the problem without having to actually do anything except review your logs periodically (which you should be doing in any case).

Hope this helps some.
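
A simplified sketch of the kind of log scan described in the post above, added here as an example; it is not DenyHosts' own code and not part of the original thread. The threshold, the `allow` parameter, the function names and every sample line other than those for 174.129.94.87 are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# Sample input: the 174.129.94.87 lines follow the log excerpt in the post;
# every other line is constructed (documentation address ranges).
SAMPLE_LOG = """\
Jun 23 11:25:32 fubar sshd[3937]: Failed password for root from 174.129.94.87 port 47665 ssh2
Jun 23 11:25:33 fubar sshd[3941]: Invalid user sami from 174.129.94.87
Jun 23 11:25:33 fubar sshd[3941]: Failed password for invalid user sami from 174.129.94.87 port 47797 ssh2
Jun 23 11:25:34 fubar sshd[3943]: Failed password for root from 174.129.94.87 port 47855 ssh2
Jun 23 11:40:02 fubar sshd[4100]: Failed password for alice from 192.0.2.10 port 50111 ssh2
Jun 23 11:41:10 fubar sshd[4102]: Accepted password for alice from 192.0.2.10 port 50140 ssh2
Jun 23 11:50:01 fubar sshd[4201]: Failed password for bob from 198.51.100.7 port 40001 ssh2
Jun 23 11:50:05 fubar sshd[4203]: Failed password for bob from 198.51.100.7 port 40002 ssh2
Jun 23 11:50:09 fubar sshd[4205]: Failed password for bob from 198.51.100.7 port 40003 ssh2
Jun 23 11:55:00 fubar sshd[4300]: Failed password for invalid user x from 192.0.2.10 port 1 ssh2 from 203.0.113.9 port 40022 ssh2
"""

# Only "Failed password" lines count, so an attempt that also logs "Invalid
# user" is not counted twice. The pattern is anchored at the end of the line:
# the user name is remote-controlled text and must not choose the address.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?.* from (\S+) port \d+ ssh2$"
)

def failed_sources(log_text):
    """Count failed sshd password attempts per IPv4 source address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            try:
                counts[ipaddress.IPv4Address(m.group(1))] += 1
            except ValueError:  # not a literal IPv4 address: ignore the line
                pass
    return counts

def hosts_deny_entries(log_text, threshold=3, allow=()):
    """Return hosts.deny lines for sources at or over the threshold."""
    allowed = [ipaddress.ip_network(n) for n in allow]
    return [
        f"sshd: {ip}"
        for ip, n in sorted(failed_sources(log_text).items())
        if n >= threshold and not any(ip in net for net in allowed)
    ]

if __name__ == "__main__":
    print("\n".join(hosts_deny_entries(SAMPLE_LOG, allow=["198.51.100.0/24"])))
```

The allow-list keeps a mistyped password from an administrative network from locking that network out; review the output before appending it to /etc/hosts.deny.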
 
06-26-2009, 04:13 PM   #3
tekhead2
Member
 
Registered: Apr 2004
Distribution: slackware/FreeBSD/Vector
Posts: 291

Rep: Reputation: 52
In addition to blocking hosts at your router, you can also use Open DNS to block some issues with Conficker as well as filtering web access to some extent.

I swear by Open DNS. Here are the IP addresses for the Open DNS server

208.67.220.220 primary
208.67.222.222 secondary

You can also do stats on your lookups too.

www.opendns.com
 
  

