Ralph W. Reid
rreid at sunset.net
Mon Feb 12 14:37:05 EST 2007
Well then, perhaps a limit on the number of connection attempts per
minute may have helped in this particular case. Here is an example of
an iptables command which can limit one type of connection to 30 per minute:
iptables --append INPUT -p icmp --icmp-type echo-request -j ACCEPT --match limit --limit 30/minute
Others here have provided other useful suggestions (setting kernel
parameters in /proc/sys, shutting down and even removing unused
programs and servers, etc.). Installing a separate system to do
nothing but firewalling between your main system and the outside world
can be helpful, but this is not always very practical. Also, if you
are running any IPv6 stuff, you should take similar steps to protect
your IPv6 operations (ip6tables, /proc/sys/net/ipv6/*, etc.). I know
you mentioned that you do not have time to plow through massive man
pages, but unfortunately system security management can take up some
time--especially when just getting started.
The more hardware and operating systems involved in a network, the
more complicated the mess becomes--complete careers have been built
around system security and system security management. Linux is not
the most vulnerable system by far, but any system which is connected
to the outside world in any way is at some level of risk. A source of
information I have sometimes found useful is
www.securityfocus.com--there is a lot of information on the web site
and in their email lists.
HTH a little anyway, and have a great day.
On Sun, Feb 11, 2007 at 09:32:28AM -0700, Littlefield, tyler wrote:
> it was spoofed.
> Tyler Littlefield
> Unlimited horizons head coder.
> check out our website:
> msn: compgeek134 at hotmail.com
> aim: st8amnd2005
> skype: st8amnd127
> ----- Original Message -----
> From: Ralph W. Reid <rreid at sunset.net>
> To: Speakup is a screen review system for Linux. <speakup at braille.uwo.ca>
> Sent: Sunday, February 11, 2007 9:10 AM
> Subject: Re: hacking attempts
> > If all of the attempts were from the same IP, you can block traffic
> > from an IP address with something like:
> > iptables --append INPUT -p udp -s <IP_ADDR> -j DROP
> > replacing <IP_ADDR> with the offending IP address. This idea might be
> > overly simple for what you really should do for some firewalling--you
> > might have to start learning iptables after all. What exactly do you
> > mean by the IP range of 22 to 249 anyway--was this part of the IP
> > address from where the scan originated?
> > If the udp port in question is not to be used from outside your system
> > in any case, a simple block of that port could look something like:
> > iptables --append INPUT -p udp -i eth0 --destination-port <PORTNUM> -j DROP
> > where <PORTNUM> is the number of the port you wish to block, and eth0
> > represents ethernet port 0 (change as your system requires).
> > Depending on the requirements for your system, this might be too
> > simple of an approach as well--you will have to decide.
> > Also, that kind of scan seems to be highly unsophisticated, so it
> > might have been run by a 'kiddie script'. Since the individual who
> > ran it does not appear to be very experienced at scanning systems,
> > contacting the systems administrator of the company where the scan
> > came from might be in order--samples of your system logs could give
> > the powers that be at that ISP/company a clue as to the individual or
> > system which originated the scan, and they can then take appropriate
> > action as needed.
> > HTH, and have a great day.
> > On Sat, Feb 10, 2007 at 10:09:00AM -0700, Littlefield, tyler wrote:
> > > Hello list,
> > > I just had someone bomb the hell out of my system on a udp port, moving
> > > from ip of 22 to 249.
> > > My logwatch was huge.
> > > Is there a way I can block things like this?
> > > I'm not sure how to set up iptables, and don't really have a whole lot
> > > of time to go through a huge 300000 page tutorial.
> > > Thanks,
> > > Tyler Littlefield
> > > Unlimited horizons head coder.
> > > check out our website:
> > > tysplace.homelinux.net
> > > msn: compgeek134 at hotmail.com
> > > aim: st8amnd2005
> > > skype: st8amnd127
Ralph. N6BNO. Wisdom comes from central processing, not from I/O.
rreid at sunset.net http://personalweb.sunset.net/~rreid
...passing through The City of Internet at the speed of light...
COSECANT (x) = COTAN (x) / TAN (x)
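The `--limit 30/minute` rule from Ralph's reply above, modelled as an added example (not code from the thread or from iptables itself): the `limit` match is treated as a token bucket with the default burst of 5, run over a constructed trace of echo-request arrival times, which shows that the ACCEPT rule on its own lets excess packets fall through to the next rule, so a matching DROP rule must follow it. The `LimitMatch` class, `run_chain()` and the packet timings are assumptions made for this example.

```python
# Added example (not from the thread): the iptables `limit` match modelled
# as a token bucket, applied to a constructed trace of ICMP echo-request
# arrival times. The class, function and timings are assumptions.

class LimitMatch:
    """Token bucket: at most `burst` tokens, refilled at `rate_per_minute`
    tokens per minute; each matching packet spends one token."""

    def __init__(self, rate_per_minute: float, burst: int = 5):
        self.rate = rate_per_minute / 60.0   # tokens per second
        self.burst = burst
        self.tokens = float(burst)            # bucket starts full
        self.last = 0.0                       # arrival time of previous packet

    def matches(self, t: float) -> bool:
        # Refill for the elapsed time, capped at the burst size.
        self.tokens = min(self.burst, self.tokens + (t - self.last) * self.rate)
        self.last = t
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def run_chain(trace, rate_per_minute=30, burst=5, with_drop=True):
    """Walk packet arrival times (seconds) through this INPUT chain:
         -A INPUT -p icmp --icmp-type echo-request -m limit \
             --limit 30/minute --limit-burst 5 -j ACCEPT
         -A INPUT -p icmp --icmp-type echo-request -j DROP   (only if with_drop)
    Returns one verdict per packet. Without the DROP rule, packets over the
    limit reach the end of the chain and get the chain policy ("POLICY")."""
    lim = LimitMatch(rate_per_minute, burst)
    verdicts = []
    for t in trace:
        if lim.matches(t):
            verdicts.append("ACCEPT")
        else:
            verdicts.append("DROP" if with_drop else "POLICY")
    return verdicts


if __name__ == "__main__":
    # Constructed trace: a burst of 20 pings at t=0, then one per second.
    flood = [0.0] * 20 + [float(s) for s in range(1, 7)]
    print(run_chain(flood))                   # 5 ACCEPT, 15 DROP, then alternating
    print(run_chain(flood, with_drop=False))  # the same excess now hits the policy
```

At 30/minute the bucket refills one token every two seconds, so a one-packet-per-second flood still gets every second packet through; lowering `--limit-burst` or the rate tightens that.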