More bruteforcing attacks -- need help please!
Hey, if you guys saw our previous thread, we've been having some problems on our server. Well, we shut down the SSH server completely, which solved that problem..but now they're attacking our ftp server.
I was told that you can restrict all ftp/ssh access to a single range of ip addresses -- meaning they can only access it, all other traffic is blocked. How would I go about doing this? IPtables confuses the hell out of me. Thanks. -RoaCh |
iptables is a good way to go about it, but at most application layers you also have the use of tcpwrappers. you can permit certain sources only at aplication level using the abstraction in the /etc/hosts.allow and /etc/hosts.deny files: http://www.ssh.com/support/documenta...s_Support.html this page is handy, i'd assume that you openssh server is already configured to use it, so ignore teh first part, but the examples at the bottom should help you a lot.
iptables isn't as scary as you may think, but then you may prefer to look at using a wrapper tool, like the gtk interface, firestarter. but why do you have your server facing the internet directly anyway? why do you not have some form of dedicated firewall in between? |
iptable is not scary it is as sexy as a girl :D..have a look at her resources :D here
http://iptables-tutorial.frozentux.n...-tutorial.html and for god sake not use default port 22 and 21 open to the internet... |
All times are GMT -5. The time now is 05:52 AM. |