LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 10-21-2006, 03:22 PM   #1
RoaCh Of DisCor
Member
 
Registered: Apr 2004
Location: Washington State
Distribution: SuSE 9.3 / Slackware-Current
Posts: 701

Rep: Reputation: 30
More bruteforcing attacks -- need help please!


Hey, if you guys saw our previous thread, we've been having some problems on our server. Well, we shut down the SSH server completely, which solved that problem..but now they're attacking our ftp server.

I was told that you can restrict all ftp/ssh access to a single range of ip addresses -- meaning they can only access it, all other traffic is blocked.

How would I go about doing this? IPtables confuses the hell out of me.

Thanks.
-RoaCh
 
Old 10-21-2006, 04:48 PM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,397

Rep: Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963
iptables is a good way to go about it, but at most application layers you also have the use of tcpwrappers. you can permit certain sources only at aplication level using the abstraction in the /etc/hosts.allow and /etc/hosts.deny files: http://www.ssh.com/support/documenta...s_Support.html this page is handy, i'd assume that you openssh server is already configured to use it, so ignore teh first part, but the examples at the bottom should help you a lot.

iptables isn't as scary as you may think, but then you may prefer to look at using a wrapper tool, like the gtk interface, firestarter.

but why do you have your server facing the internet directly anyway? why do you not have some form of dedicated firewall in between?
 
Old 10-22-2006, 06:38 AM   #3
~=gr3p=~
Member
 
Registered: Feb 2005
Location: ~h3av3n~
Distribution: RHEL 4, Fedora Core 3,6,7 Centos 5, Ubuntu 7.04
Posts: 227

Rep: Reputation: 30
iptable is not scary it is as sexy as a girl ..have a look at her resources here

http://iptables-tutorial.frozentux.n...-tutorial.html

and for god sake not use default port 22 and 21 open to the internet...
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Security Attacks LinuxRam Linux - Security 2 08-24-2004 03:14 AM
htpd attacks plisken Linux - Security 3 04-18-2004 04:12 PM
Hack attacks? satwar Linux - General 2 07-03-2003 02:44 PM
IP attacks sundarrnathan Linux - Security 1 06-04-2003 05:33 AM
IP address attacks Smooth Linux - Security 7 06-01-2003 02:36 PM


All times are GMT -5. The time now is 03:10 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration