LinuxQuestions.org
LinuxAnswers - the LQ Linux tutorial section.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Mandriva
User Name
Password
Mandriva This Forum is for the discussion of Mandriva (Mandrake) Linux.

Notices

Reply
 
Search this Thread
Old 11-11-2003, 12:00 AM   #1
Ozzman
LQ Newbie
 
Registered: Jun 2003
Posts: 17

Rep: Reputation: 0
Denial Of Service Attacks


ok so im setting up a server for my school, orginally i had it running debian but was told it wasnt a proven dist. and was told to use mandrake.. although mandrake is extremely easy to setup i cant seem to figure out how to stop denial of service attacks, i tried finding it in webmin in the shorewall but no go. ( i had a another firewall app on debian that handled it for me)

well to the point, i got the server scaned by the school district so that it may be put outside of the schools network and be accesiable online, but was told the IT was able to pull off and crash my ftp with a service of denial attack and to patch that up and il be ready to go.

so could anyone tell me how i can do that in mandrake 9.1 fully updated?

Thanks in advance.
 
Old 11-11-2003, 12:13 AM   #2
linuxbotx
Member
 
Registered: Oct 2003
Location: USA
Distribution: Fedora Core 4
Posts: 247

Rep: Reputation: 30
Do you have the firewall setup?
 
Old 11-11-2003, 12:56 AM   #3
stuNNed
Member
 
Registered: Aug 2003
Distribution: Gentoo/Ubuntu
Posts: 134

Rep: Reputation: 15
what is the DOS targeting?

you can insert in iptables rule to block where it is coming from.

install snort ( www.snort.org ) and figure out where it's coming from then write a rule for it.

also there's firestarter gtk2 frontend to iptables.
 
Old 11-11-2003, 07:23 PM   #4
Ozzman
LQ Newbie
 
Registered: Jun 2003
Posts: 17

Original Poster
Rep: Reputation: 0
Quote:
Originally posted by linuxbotx
Do you have the firewall setup?
yes i set it up using the mandrake firewall in control panel. but there is no option for denial of service attacks, ive used firestarter and it was very good but dont know if that'll work well with mandrakes firewall config. also i was told he was able to crash the ftp, so i only need to cover that.. however i only have 3 ports open httpd, ssh, and ftp so if i can cover all those from pings and all that good stuff i saw in firestarter that would be best.

Thanks once again in advance for any help.
 
Old 11-11-2003, 09:50 PM   #5
stuNNed
Member
 
Registered: Aug 2003
Distribution: Gentoo/Ubuntu
Posts: 134

Rep: Reputation: 15
you can --limit traffic on ftp might help

i.e. take advantage of iptables' stateful firewalling techniques.
 
Old 11-11-2003, 10:56 PM   #6
DavidPhillips
Guru
 
Registered: Jun 2001
Location: South Alabama
Distribution: Fedora / RedHat / SuSE
Posts: 7,154

Rep: Reputation: 56
I would say stop the ftp server your using and install another one, or check for an update.

what are you using?

Last edited by DavidPhillips; 11-11-2003 at 11:01 PM.
 
Old 11-12-2003, 12:36 AM   #7
stuNNed
Member
 
Registered: Aug 2003
Distribution: Gentoo/Ubuntu
Posts: 134

Rep: Reputation: 15
vsftpd is supposed to be secure, alot of big sites use it.
 
Old 11-12-2003, 01:02 AM   #8
Ozzman
LQ Newbie
 
Registered: Jun 2003
Posts: 17

Original Poster
Rep: Reputation: 0
im using proftp
 
Old 11-12-2003, 01:28 AM   #9
Ozzman
LQ Newbie
 
Registered: Jun 2003
Posts: 17

Original Poster
Rep: Reputation: 0
id like to use firestarter, but i know my mandrake is using shorewall as its firewall, what will happen to that?

and if i cant use firestarter nicely with shorewall then what do i have to add or do to block against denial of service attacks?

Last edited by Ozzman; 11-12-2003 at 01:46 AM.
 
Old 11-12-2003, 07:14 PM   #10
DavidPhillips
Guru
 
Registered: Jun 2001
Location: South Alabama
Distribution: Fedora / RedHat / SuSE
Posts: 7,154

Rep: Reputation: 56
I'm no ftp wizard or anything close to it, however I do not think a firewall is the answer. You are wanting to let the connections in or what would be the point of having a server.

I still say if there are no updates to fix the problem go with another server, wuftp has new updates that fixes a problem. You would need to do some researce.

ftp is a pretty risky thing to use anyway in some cases, what are you going to be doing with it.
 
Old 11-12-2003, 09:50 PM   #11
Ozzman
LQ Newbie
 
Registered: Jun 2003
Posts: 17

Original Poster
Rep: Reputation: 0
ftp will be used to allow the several other school departments put up their own websites, or files. and i think ssh would be way to hard to explain.. and ftp is the next to simplist way of doing it. (i also have a upload script made by the programmer on my team but ftp is still needed just to be on the safe side)

so you really think ws_ftp is a better option? il go ahead and see if there is a update for proftp but i dont think so..
 
Old 11-12-2003, 10:18 PM   #12
DavidPhillips
Guru
 
Registered: Jun 2001
Location: South Alabama
Distribution: Fedora / RedHat / SuSE
Posts: 7,154

Rep: Reputation: 56
I would use http upload, you have a working server and you can use ssl for login through https.

If you must use ftp then yes, I would try a different server.
 
Old 11-12-2003, 10:41 PM   #13
Patrick Bulteel
Member
 
Registered: Nov 2003
Location: United Kingdom
Distribution: Mandrake, RedHat, Suse, Ubuntu, Debian
Posts: 37

Rep: Reputation: 15
Maybe the issue is that you haven't updated Mandrake? I know there's a update to proftpd so maybe that's it. As you should already know Mandrake has a tool to do the updates.

Mandrake Update should get your FTP and SSH up-to-date.

Also, make sure you subscribe to several security related sites like CERT (http://www.cert.org/) and the Mandrake Security newsletter (http://www.mandrakesecure.net/en/advisories/)

Then remember to update your systems when you can.
 
Old 11-13-2003, 12:59 AM   #14
Ozzman
LQ Newbie
 
Registered: Jun 2003
Posts: 17

Original Poster
Rep: Reputation: 0
i ran the update tool and it updated everything, but i dont trust it that much because my shorewall is still 1.3.14, that may be it, and i want to update it but worried i might lose all my settings..
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
how to stop arp Denial of service/flood? 4mix Linux - Networking 4 06-13-2013 03:14 AM
denial of services ?? johnyy Linux - Security 5 09-28-2003 10:15 AM
ways to protect against denial of service attacks. sundarrnathan Linux - Security 1 06-01-2003 12:58 PM
DHCPD Denial htimst Linux - Networking 8 02-01-2002 09:45 AM
Denial of Traffic glumpkin Linux - Networking 1 12-05-2001 03:04 PM


All times are GMT -5. The time now is 06:56 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration