LinuxQuestions.org
Old 01-17-2003, 03:18 PM   #1
Texicle
Member
 
Registered: Oct 2002
Location: Northern Ontario, Canada
Distribution: Slackware 10.0
Posts: 789

Rep: Reputation: 30
iptables question


Hello.

After having done some checks on my /var/log/secure file I've noticed several attempts from people in Germany, Switzerland, Romania, and the U.S. trying to login to my ftp, ssh, and sendmail ports over the last few weeks. My box is not a server or anything, but I would like to secure it while I'm online. I had done some preliminary work with /etc/inetd.conf but apparently I missed some areas. I had a friend scan me with 7th Sphere Port Scan and he found LOTS of open ports. So, I decided to do some checking into iptables. Since my system isn't always connected (still stuck in dial up), I decided to use the following:

iptables -A INPUT -p tcp --syn -j DROP

This works marvelously. I don't need anyone connecting via ssh or ftp or anything like that so it lets me use the internet and Licq and all other normal online functions without any ports being available to anyone else. I had my friend scan me again after I issued the command and he could find no open ports. However, after I rebooted and had him scan me again, I had LOTS of open ports again.

I don't mind having to type this in every time I boot up, but I would really like to have it stick permanently, or if that can't be done, I'd like to have the command issued at login or start up. All online iptables tutorials I've seen give help on the commands themselves and "iptables --help" does the same as well. Could someone please point me in the right direction for this task?

Thank you.
 
Old 01-17-2003, 04:01 PM   #2
Ztyx
Member
 
Registered: Dec 2001
Location: Stockholm, Sweden
Distribution: Ubuntu, Kubuntu and Debian
Posts: 338

Rep: Reputation: 30
In Mandrake you would put the command at the bottom of
/etc/rc.local
although I'm not sure it's the same file in Slackware.

Why not uninstall your ssh and ftp as well if you don't use them?
 
Old 01-17-2003, 04:09 PM   #3
Texicle
Member
 
Registered: Oct 2002
Location: Northern Ontario, Canada
Distribution: Slackware 10.0
Posts: 789

Original Poster
Rep: Reputation: 30
Thanks for the pointer. I'll look into it tonight when I get home.

I'm currently stuck in dial up land until I get my broadband hooked up. I want to keep the ssh, ftp, etc. so when I do get hooked up with cable, I'll be able to have them. After I get cable and an "always on" connection, I'm going to set up the system as a firewall for my home network and as a proxy for my family. For now though, 33.6Kbps just really isn't worth having all those utilities. I'm hoping to get broadband soon so I can start playing around with networking and security.
 
Old 01-17-2003, 04:36 PM   #4
ab42
LQ Newbie
 
Registered: Jan 2003
Location: Atlanta, GA
Distribution: Slackware
Posts: 10

Rep: Reputation: 0
The file is rc.local for all local commands on boot, but in Slackware it's located here:

/etc/rc.d/rc.local

Regardless, on 33.6 it would take a very patient cracker to wait around to see if your system was worth intruding. I get tons of attempts also from various countries to login via my personal http and ftp servers. All my logs indicated automated port-scanning/vulnerability check software, as many of the attempts to crash my apache server were aimed at common Microsoft IIS vulnerabilities.

If you do choose to run those services after you get broadband, I highly recommend scanning your logs and checking for ip patterns. Most daemons allow for ip mask blocking of certain ranges for those pesky folks...
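The log review ab42 recommends above can be scripted. The following is an added example, not code from the thread or from any Slackware package: it reads syslog-style lines of the kind found in /var/log/secure, counts how often each source address shows up, and prints tcp_wrappers hosts.deny lines for the repeat offenders so they can be reviewed before being added to /etc/hosts.deny. The sample log lines, hostnames and addresses (documentation ranges 192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24) are constructed for the example.

```shell
#!/bin/sh
# Added example: summarize source IPs seen in /var/log/secure-style lines.
# Usage on a real box:  summarize_ips < /var/log/secure
#                       hosts_deny_lines 3 < /var/log/secure

# Constructed sample input standing in for /var/log/secure (not real traffic).
SAMPLE_LOG='Jan 14 02:11:03 box sshd[1422]: Failed password for root from 192.0.2.10 port 4321 ssh2
Jan 14 02:11:07 box sshd[1423]: Failed password for root from 192.0.2.10 port 4322 ssh2
Jan 15 09:40:12 box in.ftpd[1500]: connect from 198.51.100.7
Jan 16 22:05:44 box sshd[1601]: Failed password for admin from 192.0.2.10 port 3001 ssh2
Jan 17 11:12:00 box in.telnetd[1700]: refused connect from 203.0.113.5'

# summarize_ips: read log lines on stdin, print "count ip" sorted by count, descending.
summarize_ips() {
    grep -oE '[0-9]+(\.[0-9]+){3}' | sort | uniq -c | sort -rn
}

# top_ip: the single most frequent source address on stdin.
top_ip() {
    summarize_ips | head -n 1 | awk '{print $2}'
}

# repeat_offenders N: addresses that appear at least N times on stdin.
repeat_offenders() {
    summarize_ips | awk -v n="$1" '$1 >= n {print $2}'
}

# hosts_deny_lines N: emit tcp_wrappers entries ("ALL: ip") for repeat offenders.
# These are printed for review only; nothing is written to /etc/hosts.deny.
# They only affect daemons that consult tcp_wrappers (inetd services run via
# tcpd, and sshd built with libwrap), which is the "ip mask blocking" most
# daemons of that era offered.
hosts_deny_lines() {
    repeat_offenders "$1" | while read -r ip; do
        printf 'ALL: %s\n' "$ip"
    done
}

# Demonstration run on the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | summarize_ips
printf '%s\n' "$SAMPLE_LOG" | hosts_deny_lines 3
```

On the constructed sample, 192.0.2.10 shows up three times and is the only address that crosses the threshold of 3; the other two appear once each and would not be listed, which is the point of using a threshold rather than blocking every address that ever connected.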
 
Old 01-17-2003, 05:19 PM   #5
Texicle
Member
 
Registered: Oct 2002
Location: Northern Ontario, Canada
Distribution: Slackware 10.0
Posts: 789

Original Poster
Rep: Reputation: 30
ab42,

Thanks for the info. I started checking my logs about 4 days ago and noticed that someone in Germany has attempted 4 or 5 times in as many days to connect. I didn't really think anyone would have bothered with my system since it really doesn't have anything anyone would want and it's on a slow connection. However, I guess if someone wanted to create a backdoor and use my system to launch any kind of attacks on other systems, they might find my box useful to some extent. To avoid this I decided to go with iptables.

That one IP pattern I caught is the only reason I decided to do any kind of securing. If it only happened once or twice it wouldn't really have bothered me at all. Since my box was pretty much wide open (except I had tweaked sudoers, /etc/inetd.conf, /etc/securetty, and others to prevent any root access remotely), I figured I would be safe.

Do you have any tips on those daemons you mentioned?
 
Old 01-18-2003, 03:26 PM   #6
sharper
Member
 
Registered: Aug 2002
Location: MN USA
Distribution: slakware 9.0
Posts: 121

Rep: Reputation: 15
I have a script of the firewall configuration and added a line to ip-up that runs the script every time I connect with my dialup. Seems to work fine.
 
Old 01-18-2003, 04:11 PM   #7
NSKL
Senior Member
 
Registered: Jan 2002
Location: Rome, Italy ; Novi Sad, Srbija; Brisbane, Australia
Distribution: Ubuntu / ITOS2008
Posts: 1,207

Rep: Reputation: 46
Firewall script should be put in /etc/rc.d/rc.firewall and it will be invoked automatically at bootup.
Turn off all the services you don't need in /etc/inetd.conf, and look through all the files in /etc/rc.d/rc.* and comment out every service you don't need.
Here are two good things to read:
http://www.google.com/search?q=cache...hl=en&ie=UTF-8
http://www.google.com/search?q=cache...hl=en&ie=UTF-8
HTH
-NSKL
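Pulling the thread together (the original poster's single `iptables -A INPUT -p tcp --syn -j DROP` rule, and the replies pointing at /etc/rc.d/rc.local, /etc/rc.d/rc.firewall and the pppd ip-up hook), here is an added example of what such an rc.firewall script can look like. It is not code from the thread or from Slackware itself. It keeps the poster's rule but loads the whole ruleset atomically with iptables-restore, trusts loopback, and lets replies to connections the box started come back in (which the bare SYN-drop rule already relied on, since it never touched established traffic). The default policies and the assumption that no inbound service is wanted are mine; adjust them once the box becomes a gateway.

```shell
#!/bin/sh
# Added example of an /etc/rc.d/rc.firewall for a dial-up workstation.
# Assumptions: no inbound services wanted; iptables with the state match
# available (standard on 2.4 kernels of the era and still present today).
#
# Install:  cp rc.firewall /etc/rc.d/rc.firewall && chmod 755 /etc/rc.d/rc.firewall
# Run now:  /etc/rc.d/rc.firewall apply
# For dial-up, also calling it from /etc/ppp/ip-up (as one reply does) makes
# sure the rules are in place before the link carries any traffic.

gen_rules() {
    # Print the ruleset in iptables-restore(8) format.
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --syn -j DROP
-A INPUT -j DROP
COMMIT
EOF
}

rule_count() {
    # Number of -A rules in the generated set; handy as a sanity check.
    gen_rules | grep -c '^-A '
}

apply_rules() {
    # Load the ruleset atomically. Needs root and a netfilter-capable kernel.
    if [ "$(id -u)" -ne 0 ]; then
        echo "apply_rules: must be run as root" >&2
        return 1
    fi
    gen_rules | iptables-restore
}

# With "apply" the rules are installed; with no argument they are only
# printed, so the script can be inspected (or diffed) without touching
# the running firewall.
case "${1:-}" in
    apply) apply_rules ;;
    *) gen_rules ;;
esac
```

Note the ordering: the ESTABLISHED,RELATED accept must come before the SYN drop, otherwise nothing changes, but with the INPUT policy set to DROP the final `-A INPUT -j DROP` is only there to make the intent explicit. Because iptables-restore replaces the whole table in one step, re-running the script (for example from ip-up on every dial-in) does not accumulate duplicate rules the way repeated `iptables -A` calls do.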
 
Old 01-19-2003, 12:48 AM   #8
Texicle
Member
 
Registered: Oct 2002
Location: Northern Ontario, Canada
Distribution: Slackware 10.0
Posts: 789

Original Poster
Rep: Reputation: 30
Thank you everyone for your suggestions and tips on the file locations. I got it all set up now. NSKL, that link is awesome. I've got it saved to a bookmark now and I'm sure I'll be referencing it in the future again.
 
All times are GMT -5. The time now is 01:46 PM.