Hello.

After having done some checks on my /var/log/secure file I've noticed several attempts from people in Germany, Switzerland, Romania, and the U.S. trying to login to my ftp, ssh, and sendmail ports over the last few weeks. My box is not a server or anything, but I would like to secure it while I'm online. I had done some preliminary work with /etc/inetd.conf but apparently I missed some areas. I had a friend scan me with 7th Sphere Port Scan and he found LOTS of open ports. So, I decided to do some checking into iptables. Since my system isn't always connected (still stuck in dial up), I decided to use the following:

iptables -A INPUT -p tcp --syn -j DROP

This works marvelously. I don't need anyone connecting via ssh or ftp or anything like that so it lets me use the internet and Licq and all other normal online functions without any ports being available to anyone else. I had my friend scan me again after I issued the command and he could find no open ports. However, after I rebooted and had him scan me again, I had LOTS of open ports again.

I don't mind having to type this in every time I boot up, but I would really like to have it stick permanently, or if that can't be done, I'd like to have the command issued at login or start up. All online iptables tutorials I've seen give help on the commands themselves and "iptables --help" does the same as well. Could someone please point me in the right direction for this task?

Thank you.

In mandrake you would put the command at the bottom of
/etc/rc.local
although I'm not sure it's the same file in slackware.

Why not uninstall your ssh, ftp aswell if you don't use them?

Thanks for the pointer. I'll look into it tonight when I get home.

I'm currently stuck in dial up land until I get my broadband hooked up. I want to keep the ssh, ftp, etc. so when I do get hooked up with cable, I'll be able to have them. After I get cable and an "always on" connection, I'm going to set up the system as a firewall for my home network and as a proxy for my family. For now though, 33.6Kbps just really isn't worth having all those utilities. I'm hoping to get broadband soon so I can start playing around with networking and security.

The file is rc.local for all local commands on boot but in Slackware its located here :

/etc/rc.d/rc.local

Regardless, on 33.6 it would take a very patient cracker to wait around to see if your system was worth intruding. I get tons of attempts also from various countries to login via my personal http and ftp servers. All my logs indicated an automated port-scanning/vulnerability check software as many of the attempts to crash my apache server were aimed at common Micrsoft IIS vulnerabilities.

If you do choose to run those services after you get broadband, I highly recommend scanning your logs and checking for ip patterns. Most daemons allow for ip mask blocking of certain ranges for those pesky folks...

ab42,

Thanks for the info. I started checking my logs about 4 days ago and noticed that someone in Germany has attempted 4 or 5 times in as many days to connect. I didn't really think anyone would have bothered with my system since it really doesn't have anything anyone would want and it's on a slow connection. However, I guess if someone wanted to create a backdoor and use my system to launch any kind of attacks on other systems, they might find my box useful to some extent. To avoid this I decided to go with iptables.

That one IP pattern I caught is the only reason I decided to do any kind of securing. If it only happened once or twice it wouldn't really have bothered me at all. Since my box was pretty much wide open (except I had tweaked sudoers, /etc/inetd.conf, /etc/securetty, and others to prevent any root access remotely), I figured I would be safe.

Do you have any tips on those daemons you mentioned?

I have a script of the firewall configuration and added a line to ip-up that runs the script everytime I connect with my dialup. Seems to work fine.

Firewall script should be put in /etc/rc.d.rc.firewall and it will be invoked automatically at bootup.
Turn Off all the services you don't need in /etc/inetd.conf, and look through all the files in /etc/rc.d/rc.* and comment out every service you don't need.
Here are two good things to read:
http://www.google.com/search?q=cache...hl=en&ie=UTF-8
http://www.google.com/search?q=cache...hl=en&ie=UTF-8
HTH
-NSKL

Thank you everyone for your suggestions and tips on the file locations. I got it all set up now. NSKL, that link is awesome. I've got it saved to a bookmark now and I'm sure I'll be referencing it in the future again.