LinuxQuestions.org
Slackware This Forum is for the discussion of Slackware Linux.

Old 06-21-2003, 05:17 PM   #1
Greg21
Member
 
Registered: Jan 2002
Posts: 72

Rep: Reputation: 15
Block potential security threats


Is it possible to block access to my computer's services to IPs that display threatening behavior?

I.e.
If some IP attempts to access a bunch of my closed ports in quick succession, I would want all of my ports to appear closed to them

OR

If Apache logs that any IP has attempted to access /..anything../cmd.exe, it is locked out from all of my services.


My computer is secure enough to withstand these annoying types of attacks, but they distract from possible real problems. My Apache error log is stuffed with cmd.exe errors, making it almost impossible to find anything else.

If you have any tips or anything, please share.

Thanks
Greg
 
Old 06-21-2003, 06:05 PM   #2
trickykid
LQ Guru
 
Registered: Jan 2001
Posts: 24,149

Rep: Reputation: 253
Don't worry about anything with that cmd.exe, because as far as I know that is Code Red or some of the other attacks specifically aimed at Windows servers, etc.

I mean, you could write a script that checks your log files every so often, and if something is trying to access services that you don't want it to, you can make it write that host or IP to your hosts.deny to block it, or something like that?

Anyone else have any ideas?
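
A sketch of the kind of log-checking script suggested in the post above, as an added example that is not part of the original thread. It assumes the Apache error-log line shape shown in the constructed sample; the function names, threshold and allowlist are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Apache error-log shape: [date] [error] [client ADDR] message
CLIENT_RE = re.compile(r"\[client ([^\]]+)\]\s+(.*)")
# Probe signature named in the thread (assumed sufficient for this sketch).
PROBE_RE = re.compile(r"cmd\.exe", re.IGNORECASE)

# Constructed sample lines using documentation address ranges, not real log data.
SAMPLE_LOG = """\
[Sat Jun 21 17:02:11 2003] [error] [client 203.0.113.7] File does not exist: /var/www/htdocs/scripts/..%5c../winnt/system32/cmd.exe
[Sat Jun 21 17:02:12 2003] [error] [client 203.0.113.7] File does not exist: /var/www/htdocs/msadc/..%5c../winnt/system32/cmd.exe
[Sat Jun 21 17:05:40 2003] [error] [client 198.51.100.23] File does not exist: /var/www/htdocs/scripts/..%5c../winnt/system32/cmd.exe
[Sat Jun 21 17:06:02 2003] [error] [client 192.0.2.10] File does not exist: /var/www/htdocs/favicon.ico
[Sat Jun 21 17:07:15 2003] [error] [client 127.0.0.1] File does not exist: /var/www/htdocs/test/cmd.exe
[Sat Jun 21 17:07:16 2003] [error] [client 127.0.0.1] File does not exist: /var/www/htdocs/test/cmd.exe
"""


def count_probes(lines):
    """Count probe hits per client address; skip lines that do not parse."""
    hits = Counter()
    for line in lines:
        m = CLIENT_RE.search(line)
        if not m or not PROBE_RE.search(m.group(2)):
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # never copy unvalidated log text into hosts.deny
        hits[str(ip)] += 1
    return hits


def deny_entries(hits, threshold=2, allow=("127.0.0.1",), existing=()):
    """Return new hosts.deny lines for addresses at or over the threshold."""
    already = {e.strip() for e in existing}
    out = []
    for ip, n in sorted(hits.items()):
        entry = f"ALL: {ip}"
        if n >= threshold and ip not in allow and entry not in already:
            out.append(entry)
    return out


if __name__ == "__main__":
    print("\n".join(deny_entries(count_probes(SAMPLE_LOG.splitlines()))))
```

hosts.deny is only honoured by services that use TCP wrappers, and Apache itself does not normally consult it, so entries written this way restrict wrapped services rather than stopping the requests that fill the Apache log.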
 
Old 06-21-2003, 06:11 PM   #3
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 66
hosts.deny or iptables/chains to just restrict certain services.
 
Old 06-21-2003, 06:12 PM   #4
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 66
Probably a better solution would be to find the IP owner and inform them that someone using their IP is trying to hack your system. The chances are the ISP will cancel their account or implement a block at their end to save the embarrassment.
 
Old 06-21-2003, 06:28 PM   #5
Greg21
Member
 
Registered: Jan 2002
Posts: 72

Original Poster
Rep: Reputation: 15
I don't want all that trouble; it's only an attempt to hack a Windows box, and my computer has no cmd.exe.

I just want to block off all the annoying log file entries. I suppose I could use the hosts.deny file - good idea actually.


Slackware 9.0 uses ipchains? Because I don't think Red Hat does. Is there a good howto on ipchains anyone could point me to?

Last edited by Greg21; 06-21-2003 at 06:57 PM.
 
Old 06-21-2003, 08:55 PM   #6
KneeLess
Member
 
Registered: May 2003
Distribution: Debian GNU/Linux 3.0 Sid, OpenBSD 3.5
Posts: 190

Rep: Reputation: 30
Slackware 9.0.0 uses Iptables 1.2.7a.

But I guess you could upgrade.
 
Old 06-22-2003, 05:51 AM   #7
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 66
IPCHAINS howto:
http://www.ibiblio.org/pub/Linux/doc...INS-HOWTO.html

The Linux Documentation Project has most howtos you'll need:
http://www.tldp.org
 
  

