Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 10-21-2006, 03:22 PM   #1
RoaCh Of DisCor
Registered: Apr 2004
Location: Washington State
Distribution: SuSE 9.3 / Slackware-Current
Posts: 701

Rep: Reputation: 30
More bruteforcing attacks -- need help please!

Hey, if you guys saw our previous thread, we've been having some problems on our server. Well, we shut down the SSH server completely, which solved that problem..but now they're attacking our ftp server.

I was told that you can restrict all ftp/ssh access to a single range of ip addresses -- meaning they can only access it, all other traffic is blocked.

How would I go about doing this? IPtables confuses the hell out of me.

Old 10-21-2006, 04:48 PM   #2
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974
iptables is a good way to go about it, but at most application layers you also have the use of tcpwrappers. you can permit certain sources only at aplication level using the abstraction in the /etc/hosts.allow and /etc/hosts.deny files: this page is handy, i'd assume that you openssh server is already configured to use it, so ignore teh first part, but the examples at the bottom should help you a lot.

iptables isn't as scary as you may think, but then you may prefer to look at using a wrapper tool, like the gtk interface, firestarter.

but why do you have your server facing the internet directly anyway? why do you not have some form of dedicated firewall in between?
Old 10-22-2006, 06:38 AM   #3
Registered: Feb 2005
Location: ~h3av3n~
Distribution: RHEL 4, Fedora Core 3,6,7 Centos 5, Ubuntu 7.04
Posts: 227

Rep: Reputation: 30
iptable is not scary it is as sexy as a girl ..have a look at her resources here


and for god sake not use default port 22 and 21 open to the internet...


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Security Attacks LinuxRam Linux - Security 2 08-24-2004 03:14 AM
htpd attacks plisken Linux - Security 3 04-18-2004 04:12 PM
Hack attacks? satwar Linux - General 2 07-03-2003 02:44 PM
IP attacks sundarrnathan Linux - Security 1 06-04-2003 05:33 AM
IP address attacks Smooth Linux - Security 7 06-01-2003 02:36 PM

All times are GMT -5. The time now is 12:35 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration