LinuxQuestions.org
Linux - Networking: This forum is for any issue related to networks or networking.
Old 04-17-2015, 03:33 AM   #1
mackowiakp
Preventing from port scanning
I want to protect my server from port scanning from the Internet, and if port scanning occurs, block the source IP address for several minutes.

Below is my current iptables config:

Code:
Lilith> iptables --list-rules
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N DOS_PROTECT
-A INPUT -i eth1 -j DOS_PROTECT
-A INPUT -i eth0 -j DOS_PROTECT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -j DROP
-A INPUT -i eth0 -p udp -m udp --dport 80 -j DROP
-A INPUT -i eth0 -p tcp -m tcp --dport 587 -j DROP
-A INPUT -i eth0 -p udp -m udp --dport 587 -j DROP
-A INPUT -i eth0 -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 666 -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 667 -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 5006 -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 993 -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 587 -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 465 -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 8443 -j ACCEPT
-A INPUT -i eth1 -j DROP
-A DOS_PROTECT -i eth1 -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j RETURN
-A DOS_PROTECT -i eth1 -p icmp -m icmp --icmp-type 8 -j DROP
-A DOS_PROTECT -i eth1 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -m limit --limit 1/sec -j RETURN
-A DOS_PROTECT -i eth1 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -j DROP
-A DOS_PROTECT -i eth1 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 10000/sec --limit-burst 100 -j RETURN
-A DOS_PROTECT -i eth1 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j DROP
-A DOS_PROTECT -i eth0 -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j RETURN
-A DOS_PROTECT -i eth0 -p icmp -m icmp --icmp-type 8 -j DROP
-A DOS_PROTECT -i eth0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -m limit --limit 1/sec -j RETURN
-A DOS_PROTECT -i eth0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -j DROP
-A DOS_PROTECT -i eth0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 10000/sec --limit-burst 100 -j RETURN
-A DOS_PROTECT -i eth0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j DROP
Lilith> iptables --list      
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
DOS_PROTECT  all  --  anywhere             anywhere            
DOS_PROTECT  all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
DROP       tcp  --  anywhere             anywhere             tcp dpt:http
DROP       udp  --  anywhere             anywhere             udp dpt:http
DROP       tcp  --  anywhere             anywhere             tcp dpt:submission
DROP       udp  --  anywhere             anywhere             udp dpt:submission
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:666
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:667
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:5006
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:imaps
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:submission
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:urd
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:8443
DROP       all  --  anywhere             anywhere            

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain DOS_PROTECT (2 references)
target     prot opt source               destination         
RETURN     icmp --  anywhere             anywhere             icmp echo-request limit: avg 1/sec burst 5
DROP       icmp --  anywhere             anywhere             icmp echo-request
RETURN     tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5
DROP       tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,ACK/RST
RETURN     tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 10000/sec burst 100
DROP       tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,ACK/SYN
RETURN     icmp --  anywhere             anywhere             icmp echo-request limit: avg 1/sec burst 5
DROP       icmp --  anywhere             anywhere             icmp echo-request
RETURN     tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5
DROP       tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,ACK/RST
RETURN     tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 10000/sec burst 100
DROP       tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,ACK/SYN
Lilith>
I want to insert an anti-scanning rule for interface eth1. How can I do it?

I tried:

Code:
iptables -A INPUT -m recent --name portscan --rcheck --seconds 900 -j DROP
iptables -A FORWARD -m recent --name portscan --rcheck --seconds 900 -j DROP
but this error was reported:

Code:
Lilith> iptables -A INPUT -m recent --name portscan --rcheck --seconds 900 -j DROP
iptables v1.4.21: Couldn't load match `recent':No such file or directory
Can anybody help me?
 
Old 04-17-2015, 03:52 AM   #2
pan64
hope this helps: http://www.linuxquestions.org/questi...an-4175469913/
 
Old 04-17-2015, 04:01 AM   #3
mackowiakp
Quote: Originally Posted by pan64
Yes, I know this post, so I tried to use similar rules. But look at my post at what happens:

Code:
Lilith> iptables -A INPUT -m recent --name portscan --rcheck --seconds 900 -j DROP
iptables v1.4.21: Couldn't load match `recent':No such file or directory
 
Old 04-17-2015, 04:36 AM   #4
pan64
yes, that is about the module recent. You need to insmod that kernel module.
http://stackoverflow.com/questions/2...tables-modules
http://osquestions.com/unix-linux/76...-recent-module
 
Old 04-17-2015, 05:00 AM   #5
mackowiakp
Yep. The reason was the absence of the xt_recent module. THX!
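For anyone landing on this thread with the same "Couldn't load match `recent'" error, here is an added example (my own script, not code from this thread or from the pages pan64 linked) that first makes sure xt_recent is loaded and then installs a recent-based scan trap in the spirit of the rules mackowiakp tried. It assumes, as in the OP's ruleset, that eth1 is the Internet-facing interface and that the TCP ports ACCEPTed on eth1 there are the served ones; the chain name PORTSCAN, the list name "portscan" and the hitcount of 2 are choices made for this example, not anything from the thread.

```shell
#!/bin/sh
# Added example, not code from the thread: load xt_recent and install a
# "recent"-based port-scan trap on the Internet-facing interface.
# Assumptions (mine, not the OP's): eth1 is the outside interface and the
# served TCP ports are the ones the OP's ruleset ACCEPTs on eth1; the chain
# name PORTSCAN, the list name "portscan" and the hitcount of 2 are choices
# made for this example.
#
# Usage:  sh portscan.sh preview      # print the rules, no root needed
#         sudo sh portscan.sh apply   # load the module and install them
# Set IPT=echo to dry-run "apply" without touching the firewall.

IPT="${IPT:-iptables}"
WAN_IF="${WAN_IF:-eth1}"
BAN_SECONDS="${BAN_SECONDS:-900}"
HITS="${HITS:-2}"
SERVED_PORTS="${SERVED_PORTS:-666,667,5006,993,587,465,8443}"

# Succeed if the xt_recent match is available, loading the module if it is
# built as a module and not yet loaded (this is the step whose absence
# produced the OP's "Couldn't load match `recent'" error).
ensure_xt_recent() {
    [ -d /proc/net/xt_recent ] && return 0
    grep -q '^xt_recent ' /proc/modules 2>/dev/null && return 0
    modprobe xt_recent
}

# Emit the rules for the PORTSCAN chain, one iptables argument list per line.
# Rule 1: a source already recorded HITS times within the last BAN_SECONDS is
#         dropped outright (--rcheck does not refresh the timestamp, so the
#         ban lapses BAN_SECONDS after the last probe).
# Rule 2: a TCP SYN to a port we do not serve is the trap: record the source
#         (--set) and drop the probe.
portscan_rules() {
    cat <<EOF
-A PORTSCAN -m recent --name portscan --rcheck --seconds $BAN_SECONDS --hitcount $HITS -j DROP
-A PORTSCAN -p tcp --syn -m multiport ! --dports $SERVED_PORTS -m recent --name portscan --set -j DROP
EOF
}

# Create (or flush) the chain, hook it at the top of INPUT for WAN_IF only,
# then append the rules. Returns non-zero on the first failing command.
install_rules() {
    $IPT -N PORTSCAN 2>/dev/null || $IPT -F PORTSCAN || return 1
    $IPT -C INPUT -i "$WAN_IF" -j PORTSCAN 2>/dev/null \
        || $IPT -I INPUT 1 -i "$WAN_IF" -j PORTSCAN || return 1
    portscan_rules | while IFS= read -r rule; do
        [ -n "$rule" ] || continue
        # shellcheck disable=SC2086  # word splitting of the rule is intended
        $IPT $rule || exit 1   # exits the pipeline subshell, failing the function
    done
}

case "${1:-}" in
    preview) portscan_rules ;;
    apply)   ensure_xt_recent && install_rules ;;
esac
```

Two things worth knowing before relying on it: the PORTSCAN chain is hooked before the RELATED,ESTABLISHED rule, so a banned source loses its existing sessions as well, which is what the OP asked for but may surprise you; and because the trap fires on any SYN to a non-served port, a single mistyped connection attempt counts as one hit, hence the hitcount of 2 rather than 1. The addresses currently recorded can be inspected with `cat /proc/net/xt_recent/portscan`, which is a convenient way to confirm the trap is firing on what you expect.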
 
Old 04-17-2015, 05:23 AM   #6
pan64
glad to help you
if you really want to say thanks just click on yes
All times are GMT -5.