Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
06-27-2007, 03:50 AM
|
#1
|
Member
Registered: Apr 2007
Location: Caspian sea & China
Distribution: FC7 XP Ubuntu
Posts: 111
Rep:
|
Fire wall and black ice
Hi all
When I us Xp at home I always run the black ice and it all the time notifies me that I’m under attack and shows the attacker IP so I can block it
Is there any similar software for Linux? Or do I need to modify the fire wall? And how?
RGD
|
|
|
06-27-2007, 04:25 AM
|
#2
|
Member
Registered: Sep 2005
Location: Sri Lanka
Distribution: Fedora (workstations), CentOS (servers), Arch, Mint, Ubuntu, and a few more.
Posts: 441
Rep:
|
Quote:
Originally Posted by anasmich
Hi all
When I us Xp at home I always run the black ice and it all the time notifies me that I’m under attack and shows the attacker IP so I can block it
|
I don't see why you need such a software for Linux if you are properly using Netfilter/IPTables (which is included in the kernel itself). It's a firewall in simple terms and you know the rest. You don't have to manually block attackers.
Anyway if you still prefer alerts you might want to install an IDS like Snort, may be with a supporting GUI frontend too.
EDIT: If you want help on IPTables, you can post here (LQ.org) about it (if you thikn it's unanswered in earlier LQ posts)
Last edited by SkyEye; 06-27-2007 at 04:37 AM.
|
|
|
06-27-2007, 04:27 AM
|
#3
|
LQ Guru
Registered: Aug 2003
Distribution: CentOS, OS X
Posts: 5,131
Rep:
|
There may be a "ready" piece of software for this, search if you like. I find two ways (at least) of doing this: one way is to have iptables log the traffic, or part of it, that is coming and then have some program scan trough that (real-time) log information and try to identify "attacks", and then do something about it. Another way is to have a program listen to the traffic all the time (like tcpdump) and scan that output. There surely is some software available, at least to do stuff like ignore traffic that seems hostile. Google, Altavista and other search engines help you out.
|
|
|
06-27-2007, 04:51 AM
|
#4
|
Member
Registered: Apr 2007
Location: Caspian sea & China
Distribution: FC7 XP Ubuntu
Posts: 111
Original Poster
Rep:
|
Thank you guys!
Iptable who to run it from FC6? it will effect other chat program like messenger and skype?
thanks again
|
|
|
06-27-2007, 06:09 AM
|
#5
|
Member
Registered: Sep 2005
Location: Sri Lanka
Distribution: Fedora (workstations), CentOS (servers), Arch, Mint, Ubuntu, and a few more.
Posts: 441
Rep:
|
You already have IPTables active in FC6. You just have to give the rules you need. Luckily FC6 have a simple tool to edit firewall settings easily.
Go to menu System --> Administration --> Security Level & Firewall.
Set firewall enabled, and specify things you do not want to block. Some programs might need have non-filtered ports. If to enter them too (in other ports section). This is the easy way. Otherwise install a program like FireStarter. It'll be more flexible. But if you want total control, command line tool is the best.
|
|
|
All times are GMT -5. The time now is 10:04 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|