Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
And the firewall is now OK with DNS... so I don't need to remove anything from the chains, right? All I will do later is add... well, I will add in
iptables -A BADIPS -s A.B.C.D -j DROP
And no need if
#insert new chain into INPUT
iptables -I INPUT 2 -j BADIPS
Right?
Above all, Thank you very much Sir... for your kind patience in solving the problem. I can see the guy is trying to get access but the connection goes to sleep.... Thanks...
A few days ago, I made a check to a server for open ports. That server was hosting dns/www/mail or all (I'm sure) but nmap gave nothing. I liked that... I could not find out any open port... but definitely a port is listening there....
There are different ways to run nmap; some are more sneaky or ignorant than others. For instance, some scans don't do a port scan if the host doesn't respond to ICMP first. 'man nmap' to see every type of host discovery and scan technique that is available. It's a large list.
IMO, his SSH port could've stayed on port 30. While this is considered security by obscurity, using more than that one method alone is the better approach. And even if he has SSH key authentication enabled and the service listening on port 22, he's still going to have HUGE logs documenting all the brute forcing. He could've kept the service on port 30, enabled SSH key auth and had less of an issue with brute force AND less logs to deal with, even if all log entries are denials.
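Added example, not part of the thread: one way to turn the brute-force log entries mentioned above into `iptables -A BADIPS -s A.B.C.D -j DROP` rules for the BADIPS chain from the earlier post. It assumes the common OpenSSH "Failed password ... from IP port N ssh2" line format; the function names, threshold and sample log lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample sshd lines (documentation address ranges, not real hosts).
# Line 3 carries a username crafted to look like "from <ip> port <n>".
SAMPLE_LOG = """\
Jan 10 03:14:01 host sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Jan 10 03:14:03 host sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Jan 10 03:14:06 host sshd[2103]: Failed password for invalid user x from 198.51.100.20 port 22 from 203.0.113.7 port 40141 ssh2
Jan 10 03:15:10 host sshd[2110]: Failed password for alice from 198.51.100.20 port 51514 ssh2
Jan 10 03:15:30 host sshd[2112]: Accepted publickey for alice from 198.51.100.20 port 51520 ssh2
Jan 10 03:16:00 host sshd[2120]: Failed password for invalid user x from 999.1.1.1 port 1 ssh2
"""

# Greedy ".*" plus the end anchor binds to the LAST "from <ip> port <n>",
# which sshd writes itself, so a crafted username cannot choose the address.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?.* from (\S+) port \d+(?: ssh2)?$"
)

def count_failures(log_text):
    """Count failed password attempts per valid IPv4 source address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        try:
            addr = ipaddress.IPv4Address(m.group(1))
        except ValueError:
            continue  # never hand an unvalidated log field to iptables
        counts[str(addr)] += 1
    return counts

def badips_rules(log_text, threshold=3, allowlist=()):
    """Return BADIPS rules for sources at or above the (assumed) threshold."""
    allowed = {str(ipaddress.IPv4Address(a)) for a in allowlist}
    return [
        f"iptables -A BADIPS -s {ip} -j DROP"
        for ip, n in sorted(count_failures(log_text).items())
        if n >= threshold and ip not in allowed
    ]

if __name__ == "__main__":
    for rule in badips_rules(SAMPLE_LOG):
        print(rule)
```

Pass your own management addresses in `allowlist` so a mistyped password or two cannot lock you out of the server.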