ok so im setting up a server for my school, orginally i had it running debian but was told it wasnt a proven dist. and was told to use mandrake.. although mandrake is extremely easy to setup i cant seem to figure out how to stop denial of service attacks, i tried finding it in webmin in the shorewall but no go. ( i had a another firewall app on debian that handled it for me)

well to the point, i got the server scaned by the school district so that it may be put outside of the schools network and be accesiable online, but was told the IT was able to pull off and crash my ftp with a service of denial attack and to patch that up and il be ready to go.

so could anyone tell me how i can do that in mandrake 9.1 fully updated?

Thanks in advance.

Do you have the firewall setup?

what is the DOS targeting?

you can insert in iptables rule to block where it is coming from.

install snort ( www.snort.org ) and figure out where it's coming from then write a rule for it.

also there's firestarter gtk2 frontend to iptables.

yes i set it up using the mandrake firewall in control panel. but there is no option for denial of service attacks, ive used firestarter and it was very good but dont know if that'll work well with mandrakes firewall config. also i was told he was able to crash the ftp, so i only need to cover that.. however i only have 3 ports open httpd, ssh, and ftp so if i can cover all those from pings and all that good stuff i saw in firestarter that would be best.

Thanks once again in advance for any help.

you can --limit traffic on ftp might help

i.e. take advantage of iptables' stateful firewalling techniques.

I would say stop the ftp server your using and install another one, or check for an update.

what are you using?

vsftpd is supposed to be secure, alot of big sites use it.

im using proftp

id like to use firestarter, but i know my mandrake is using shorewall as its firewall, what will happen to that?

and if i cant use firestarter nicely with shorewall then what do i have to add or do to block against denial of service attacks?

I'm no ftp wizard or anything close to it, however I do not think a firewall is the answer. You are wanting to let the connections in or what would be the point of having a server.

I still say if there are no updates to fix the problem go with another server, wuftp has new updates that fixes a problem. You would need to do some researce.

ftp is a pretty risky thing to use anyway in some cases, what are you going to be doing with it.

ftp will be used to allow the several other school departments put up their own websites, or files. and i think ssh would be way to hard to explain.. and ftp is the next to simplist way of doing it. (i also have a upload script made by the programmer on my team but ftp is still needed just to be on the safe side)

so you really think ws_ftp is a better option? il go ahead and see if there is a update for proftp but i dont think so..

I would use http upload, you have a working server and you can use ssl for login through https.

If you must use ftp then yes, I would try a different server.

Maybe the issue is that you haven't updated Mandrake? I know there's a update to proftpd so maybe that's it. As you should already know Mandrake has a tool to do the updates.

Mandrake Update should get your FTP and SSH up-to-date.

Also, make sure you subscribe to several security related sites like CERT (http://www.cert.org/) and the Mandrake Security newsletter (http://www.mandrakesecure.net/en/advisories/)

Then remember to update your systems when you can.

i ran the update tool and it updated everything, but i dont trust it that much because my shorewall is still 1.3.14, that may be it, and i want to update it but worried i might lose all my settings..