LinuxQuestions.org
Old 07-12-2012, 01:29 PM   #1
LittleMaster
How to block a single ipaddress using TCP Wrappers


Dear All
Today I found in my Apache logs that my server was flooded by a single IP address in access.log. I can see that my server keeps accessing the remote server, and the URLs accessed there are being reflected in my server's access log. Any suggestions as to how the accessed URLs of the remote server are reflected in my server's Apache access log?

http://clientip/~admin/a-poster/proxy.php HTTP/1.1" -- It shows my server IP address.


So I tried blocking the server IP address using TCP wrappers:

vi /etc/hosts.deny

ALL:REMOTE IPADDRESS


But I could find the server IP address in my Apache access.log
 
Old 07-12-2012, 01:34 PM   #2
Kustom42
Forget Apache, you don't want the connection to get to your application layer if it's a security issue. You would want to block this on the OS or network layer.

For iptables, here ya go:

Code:
iptables -A INPUT -s 202.54.20.22 -j DROP
iptables -A OUTPUT -d 202.54.20.22 -j DROP
Just run those commands as root, replace the 202.54.20.22 with the IP and BAM!

The good thing about this is it's a drop rule, different from a reject rule in the fact that your server sends no response at all to the originating connection; a reject will send a response back telling them it's rejected. This indicates the server is still up to the remote attacker and they keep trying to get in. If it's a drop, they get no responses; the connection just times out as if the IP of your server had changed or the server itself is down.
 
1 members found this post helpful.
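
As an added example (not part of the thread), a dry-run sketch that ranks client addresses in an Apache access log and prints the DROP rules from the post above for any address over a threshold. The function names, the threshold and the log lines are constructed for illustration; the printed rules use `-I <chain> 1` instead of `-A` so they sit ahead of any earlier ACCEPT rule.

```shell
# Added example: dry run only. It prints rules and changes nothing.
# Count requests per client (field 1 of the common/combined log format) and
# print "count ip" for addresses at or above the threshold, busiest first.
rank_clients() {
    awk -v min="$1" '
        { hits[$1]++ }
        END { for (ip in hits) if (hits[ip] >= min) print hits[ip], ip }
    ' | sort -rn
}

# Accept only dotted-quad IPv4 with octets 0-255, so no other text can end up
# inside a firewall command.
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++)
              if ($i !~ /^[0-9]+$/ || length($i) > 3 || $i > 255) exit 1 }
    '
}

# Print the two rules in idempotent form: -C tests whether the rule already
# exists, -I ... 1 inserts it first in the chain (-A would append it after any
# existing ACCEPT rule that matches the same traffic).
drop_rules() {
    valid_ipv4 "$1" || { echo "refusing invalid address: $1" >&2; return 1; }
    echo "iptables -C INPUT -s $1 -j DROP 2>/dev/null || iptables -I INPUT 1 -s $1 -j DROP"
    echo "iptables -C OUTPUT -d $1 -j DROP 2>/dev/null || iptables -I OUTPUT 1 -d $1 -j DROP"
}

# Constructed sample log lines (documentation-range addresses only).
sample_log() {
    cat <<'EOF'
198.51.100.7 - - [12/Jul/2012:13:01:01 -0500] "GET http://example.invalid/a HTTP/1.1" 404 209
203.0.113.9 - - [12/Jul/2012:13:01:02 -0500] "GET /index.html HTTP/1.1" 200 512
198.51.100.7 - - [12/Jul/2012:13:01:03 -0500] "GET http://example.invalid/b HTTP/1.1" 404 209
192.0.2.44 - - [12/Jul/2012:13:01:04 -0500] "GET /about.html HTTP/1.1" 200 733
198.51.100.7 - - [12/Jul/2012:13:01:05 -0500] "GET http://example.invalid/c HTTP/1.1" 404 209
192.0.2.44 - - [12/Jul/2012:13:01:06 -0500] "GET /logo.png HTTP/1.1" 200 1420
198.51.100.7 - - [12/Jul/2012:13:01:07 -0500] "GET http://example.invalid/d HTTP/1.1" 404 209
EOF
}

# Review the printed rules, then run them as root if they are what you want.
sample_log | rank_clients 3 | while read -r count ip; do
    echo "# $ip made $count requests"
    drop_rules "$ip"
done
```

On a real server, replace `sample_log` with `cat` of the actual access log and pick a threshold that fits normal traffic.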
Old 07-12-2012, 04:27 PM   #3
Kustom42
Just a follow-up: when I am referring to layers, I am referring to the OSI Model: http://www.webopedia.com/quick_ref/OSI_Layers.asp


The lower down in the layers you get the more you are isolating your system/application. So if you prevent it on layer 1, the physical layer, with a hardware firewall that is outside your internal network it would be the most advised solution. OSI model is something good to look over if you've never heard of it.
 
  


All times are GMT -5. The time now is 05:25 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration