Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Linux
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: iptables & tcp wrappers

from [Toby Heywood] Network Security [Permanent Link]
Subject: Re: iptables & tcp wrappers
Date: Mon, 27 Sep 2004 23:02:25 +0100
I have to admit that I am not the best to advise on iptables but I believe I can answer your questions.

Try using

#iptables -A INPUT -p tcp -s PUT_IP_HERE -d 0/0 --syn -j LOG
#iptables -A INPUT -p tcp -s PUT_IP_HERE -d 0/0 --syn -j DROP

For additional security I would restrict the interface that you expect traffic to come in on as well. For example;

#iptables -A INPUT -i eth2 -s ip_address -d 0/0 -p tcp --syn -j DROP

If you want line numbers then try;

#iptables -L -v --line-numbers

With regards to blocking access to ssh and allowing from only a specified ip, if would do the following

1) #iptables -P INPUT DROP
2) #iptables -A INPUT -i eth2 -s example_ip -d ip_of_server -p tcp -m tcp --dport ssh -m state --state NEW,ESTABLISHED -j ACCEPT

Step one sets the default policy for the INPUT table, thus dropping all incoming traffic. Step two allows ssh access from the specified ip only if it is coming in via interface eth2.

Hope this is what you wanted.

Toby

Meatplow wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hello.

I'm running RH Enterprise edition.

I'm relatively new to iptables.  I am getting the common intrusion
attempts with some  of the common uses of test/guest/root/ and a
couple others   I've been able to add the IPs to the to iptables.,
but
I'd really like a log that tells me the info that I want to know.

My basic input command is this :
#iptables -A INPUT -p tcp -s PUT_IP_HERE -d 0/0  --syn -j DROP

iptables seem a little convoluted.  Example.  To delete  a line -
supposedly give it a line and it will be deleted/modified.  My
problem is even with #iptable -L -v there is no line number ?

My goal is to block all incoming ssh attempts except IP#.
This is where I got into hosts.allow/deny as mentioned below.

I've tried to find many different types of commands and it works to
some degree, but not the way I'd expect it to.

Any help would be appreciated.  I'm not completely sure that I
understand iptables as well as I want/need to.  I've also toyed
around with the hosts.allow/hosts.deny and have not been successful.



I know that there is a lot of info in here, and I'm tired.  I'll
leave it at that


Thanks in advance for your time and help.

Meatplow
greg  ta meatplow.com


Thanks again.

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQA/AwUBQVSBsR42gIcyjrnjEQJIqwCfWAShp7r+J1XNNjQq6sbvvD03WZ8AoNrg
ctQ837g5pQDafgBhTTeeMr1V
=niWK
-----END PGP SIGNATURE-----







Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: iptables & tcp wrappers, Whelan, Paul
Next by Date:  RE: iptables & tcp wrappers, Bowes, Ronald (EST)
Previous by Thread:  Re: iptables & tcp wrappers, TJ Easter
Next by Thread:  Re: iptables & tcp wrappers, Ed J. Aivazian
Indexes:  [Date] [Thread] [Top] [All Lists]