Limiting client connections to a port without iptables
I have a CentOS server which I cannot enable iptables on yet need to prevent a certain port from being hacked.
I need to ensure the port doesn't get too many connections from the same client and/or too many connections one after another from anywhere. Is there a tool out there which would allow me to do this or is there an iptables config example somewhere which shows how I can allow everything but limit access to one port such as above. Thanks.
Snort / Firestarter
>If the machine is connected to any network it should already have been hardened.
>If it isn't then you shouldn't run (publicly accessible) services on it yet.
>What are your reasons why you think you can't?

VoIP systems usually have their iptables and selinux functions disabled. I of course have firewalls where public access comes into the network. Usually, I can get everything done at the firewall level but in this case, I need to have something on the server itself.

>Sure. Search this forum for "iptables limit" and it'll show you a few (also notice the "Similar Threads" box at the bottom of this page).
>If this is your first server, if you don't have any Linux or firewall knowledge just say so.

Nope, not my first server, I have a network full of them :). I use iptables on all servers but the setups are usually pretty straightforward. I simply have never had the opportunity to learn iptables fully since I mainly use the firewalls to do what I need. Learning it isn't something I have time for at the moment which is why I asked the community. So, if you can actually provide something other than 'go search', that would be great.
unSpawn even told you what to search for.. As an additional note, using [QUOTE] tags is far easier to read, and implement, than that whole ">" thing you have going on...
>Going and searching, will find you the answer you are looking for.
>First 3 google results spell it out. unSpawn even told you what to search for..

Sigh, forums are becoming as useless as their members are. How useless it is to constantly read 'go search'. Not much of a community effort. As I already told you, I am completely unfamiliar with iptables other than adding/removing ports and other very basic functions on servers I like to add a little extra protection to. Yes, I have read about iptables limit function, yup, I get that it does what I'm after, thanks for the lead. However, not knowing a damn thing about iptables is not going to help me to understand how I can use it to limit one or two ports while not blocking anything else. Of course I've searched for that and of course I've tried it for myself. There simply isn't enough time in a day to survive and take on learning everything about iptables to do this safely which is why I asked the community. If all you can tell me is to go search, why the hell do you guys keep replying to my posts? Does it give you a bigger head? Great, happy that I've inflated your already large egos. You don't need to reply to me and tell me how you give of your time and that I don't deserve to be given the answers unless I go look for myself. I have explained my situation, you can go away if you can't help me, I don't need education in posting, I need help from someone who actually cares to give a guy a hand. You don't HAVE to make other people's questions your place for debate, just move on and let someone who actually cares to help someone find the question instead of this nonsense.
From: http://www.debian-administration.org/articles/187
Found by google search "iptables limit"

Edit: On a personal note, you will get a lot farther in this forum if you avoid trying to make demands. If you want to make demands, try paying for support. Even with the above example, given the lack of implementation detail you have provided, you will STILL need to read and understand how to apply the filter.
Your example by the way, doesn't tell me anything about what I asked. I already know how to use the limit option of iptables, why don't you read the thread if you're going to bother taking the time to flame me. The implementation HAS been explained. You're just having fun at my expense. Rules, my god, grow up. Boot me off if I'm breaking a rule by asking people to stop being such babies. There is too much of this sort of nonsense in the forums these days.
Squeaky wheels get the oil?
Care to explain why Noway2's response does not meet the requirement in post #1?
It's not like I can just add a rule because there is no iptables running on the server. Plus, the setup would have to be a complete one which encompasses the fact that I need to allow everything, all traffic, and only limit one port. Since I don't know enough about iptables to build my own configuration, I was asking of someone in the community to please post a full configuration which would do this task. It would not only help me but I am sure it would help anyone else who will ever need something like this. Telling me to go read isn't the answer for me because I am already overwhelmed with work and don't have the energy to take on something else at the moment which is why I asked for help. Otherwise, I would take the time to learn about iptables so that I could do this myself, which, I will certainly do once I have some time. Right now, I have a server which is getting attacked and would like a little help from some friendly soul who understands when someone is simply asking for help and doesn't need a lesson in posting or searching.
I fail to see why you cannot have iptables running with rules to limit a port. Noway2 shows the example for port 22. You have not specified the port you wish to limit.
Something like this should meet your needs.
Code:
#!/bin/sh
>I fail to see why you cannot have iptables running with rules to limit a port.
>Noway2 shows the example for port 22. You have not specified the port you wish to limit.

Have you never run a PBX before, if you have, you'll notice that selinux and iptables are always turned off as a default. I usually just leave it that way and use my firewalls instead to limit.

>Something like this should meet your needs.
>Code:
>#!/bin/sh

It might but what's not clear to me is the rest of it. As I have said, I don't know how to build an iptables file from scratch. An iptables file cannot contain only the above information and there's more to it than just adding one rule. I can't just use the default iptables because it is based on allowing only certain ports. Again, I want to allow all traffic, making sure I am not blocking anything, and limit the one port. The port didn't really seem to matter much as part of the post but to be specific, it is 5060. The idea is to prevent script kiddies from hammering the system with dictionary hits trying to find accounts which don't have good passwords. I just want to limit how fast/often a connection can come from one IP to help discourage such behavior.
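As an added example (my own code, not a script posted by anyone in this thread), here is the complete "allow everything, limit one port" rule set the question asks for, written for port 5060 as named above. It assumes a Linux host with iptables and the conntrack, recent, connlimit and limit match modules available; the thresholds (10 new flows per source per 60 seconds, 20 concurrent TCP connections per source) and the chain name are constructed placeholders to tune for the real call volume.

```shell
#!/bin/sh
# Added example for the thread's requirement: default policy ACCEPT on every
# chain, with only one port rate-limited per source address. Assumes Linux
# iptables with the conntrack, recent, connlimit and limit match modules.
# Thresholds below are constructed placeholders, not values from the thread.

LIMIT_PORT="${LIMIT_PORT:-5060}"   # the SIP port named in the thread
HITS="${HITS:-10}"                 # new flows allowed per source within WINDOW
WINDOW="${WINDOW:-60}"             # seconds (xt_recent default list size is 20, so keep HITS <= 20)
MAX_CONN="${MAX_CONN:-20}"         # concurrent TCP connections allowed per source
IPT="${IPT:-iptables}"             # IPT='echo iptables' prints the commands instead of loading them
CHAIN="LIMIT_${LIMIT_PORT}"        # own chain, so the rest of INPUT is untouched

# Emit the rule set, one iptables argument list per line, so it can be
# reviewed (or tested) before anything is loaded into the kernel.
build_rules() {
    # Everything is allowed by default; only the protected port is limited.
    printf '%s\n' "-P INPUT ACCEPT" "-P FORWARD ACCEPT" "-P OUTPUT ACCEPT"
    # Dedicated chain for the limiting logic (created, then emptied).
    printf '%s\n' "-N $CHAIN" "-F $CHAIN"
    # Only the first packet of a flow (conntrack state NEW) is inspected,
    # for both TCP and UDP since SIP commonly runs over either.
    printf '%s\n' "-A INPUT -p tcp --dport $LIMIT_PORT -m conntrack --ctstate NEW -j $CHAIN"
    printf '%s\n' "-A INPUT -p udp --dport $LIMIT_PORT -m conntrack --ctstate NEW -j $CHAIN"
    # Too many simultaneous TCP connections from one address: reset the new one.
    printf '%s\n' "-A $CHAIN -p tcp -m connlimit --connlimit-above $MAX_CONN --connlimit-mask 32 -j REJECT --reject-with tcp-reset"
    # Record the source, then log (rate-limited) and drop once it has opened
    # more than HITS flows inside the last WINDOW seconds.
    printf '%s\n' "-A $CHAIN -m recent --name $CHAIN --set"
    printf '%s\n' "-A $CHAIN -m recent --name $CHAIN --update --seconds $WINDOW --hitcount $HITS -m limit --limit 5/min -j LOG --log-prefix ${CHAIN}:"
    printf '%s\n' "-A $CHAIN -m recent --name $CHAIN --update --seconds $WINDOW --hitcount $HITS -j DROP"
    # Below the threshold the flow is accepted like all other traffic.
    printf '%s\n' "-A $CHAIN -j ACCEPT"
}

# Load the rules. -N fails if the chain already exists, which is harmless.
apply_rules() {
    build_rules | while IFS= read -r line; do
        case "$line" in
            "-N "*) $IPT $line 2>/dev/null || true ;;
            *)      $IPT $line ;;
        esac
    done
}

case "${1:-show}" in
    apply) apply_rules ;;   # needs root (or IPT='echo iptables' for a dry run)
    *)     build_rules ;;   # default: print the rule set for review
esac
```

Run it with no argument to print the rules, with `IPT='echo iptables' sh limit-5060.sh apply` to see the exact commands, and as root with `sh limit-5060.sh apply` to load them. `iptables -L LIMIT_5060 -n -v` shows the per-rule packet counters, and on current kernels `/proc/net/xt_recent/LIMIT_5060` lists the addresses being tracked, which is the quickest way to confirm a flood is actually being caught. On CentOS 5/6 the rules only survive a reboot after `service iptables save` has written them to /etc/sysconfig/iptables. The script is meant to be run once; running `apply` again appends a second copy of the INPUT jump rules.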
You have been given the answer to what you asked for. If you won't or can't read the answer and understand it, then it is your problem, not ours. If you don't have iptables and ask for iptables scripts, again it is YOUR problem, not ours. If you don't like the answers you receive, it is YOUR problem, not ours.
If you don't understand how iptables works, which is apparent from your statements that are absolutely wrong, again that is YOUR problem, not ours.