Security :: Advanced Firewall And Testing - Block Certain Kinds Of Attacks?

Dec 14, 2010

I launched my website. At the moment the site has an firewall (iptables) enabled with very simple rules. All incoming traffic is blocked, except for the ports http and ssh. Everything is working perfect, but I want also to be able to block certain kinds of attacks. There are some really good examples on the internet, but I don't now if they contain all kinds of attacks which are relevant to my situation. To be clear, I only server web content through port 80 and use ssh to remote login.

View 3 Replies


ADVERTISEMENT

Ubuntu Security :: Block PHP Injection Attacks With Fail2ban

Apr 12, 2010

I'm trying to implement this method to block php injection attack using fail2ban: here it is, however I'm not sure it applies to Ubuntu. You see, there's this filter that must be added to the fail2ban jail file:

HTML Code:
[php-url-fopen]
enabled = true
port = http,https
filter = php-url-fopen

[Code]....

View 7 Replies View Related

Security :: App For Free Firewall Testing?

Nov 9, 2010

I would like to test my firewall rules. Is there some app or web service where I can do that ?

View 6 Replies View Related

Ubuntu Security :: Firewall Does Not Block Tor Connections

Oct 2, 2010

I have noticed interesting problem. I use two browsers - Firefox and Konqueror. Konqueror is configured to use tor, Firefox not. Using Gufw I block all incoming and outgoing traffic and it works while using Firefox, I mean that I can't view any www site and it is ok. But if I use Konqueror I can establish any conection. How to understand this? Should I have different firewall while using tor?

View 5 Replies View Related

Security :: Can A Firewall Block Unencrypted Email Attachments From Being Sent

Dec 9, 2010

I manage a linux-based network, where some projects are currently under development. Our IT policy states that any email attachment shall be encrypted using GPG. Can I block other attachments using a firewall?

Note: Currently our mail server is not in campus. So I can only use a firewall for this security issue.

View 5 Replies View Related

Networking :: Setup Firewall / Sys1 Is Not Connected To Firewall For Testing Purpose?

May 18, 2010

I am learning to setup firewall in my home for that i have selected four system(sys1,sys2....sys4) for testing .I have configured sys2 to act as a firewall with two NIC. sys3 and sys4 are inside the firewall . sys1 is not connected to firewall for testing purpose.

the IP assignments are follows :

sys1 : ( fedora, not connected to firewall i am thinking, But i am not sure )

IP : 192.168.2.1 ,
gateway : blank
dns1 : blank
dns2 : blank

sys2 firewall ,IPTABLES )
code....

what happened is that sys1(not connected to firewall) can ssh to sys4(connected,inside firewall),since the rules are written not to ssh form sys1 to sys4..

then I came to know whatever the request I give, It directly goes as sys1 --> sys4. Not as sys1-----> sys2(firewall)---> sys4 .and the firewall is not filtering and processing anything for both inbound and outbound (i think it's my mistake some where). the requests are directly going inside without firewall.

View 3 Replies View Related

General :: Detect DoS Attacks / Manually Block IP On Ubuntu?

Sep 14, 2011

I have a VPS with Ubuntu. I host a small website (~10 visitors at the same time). Sometimes the website starts lagging. It lags so bad that my SSH connection starts lagging too. Running top says that 2 instances of apache2 take up 50 %CPU each.

I assume this is a DoS attack. I've copy-paste installed a few iptables scripts that made sense, but this has not helped. I installed libapache2-mod-evasive -- I'm sure it blocks the attacker, but I'm still lagging.

What can I do? Can I at least find the IP of the attacker? I have strong experience with Linux, but almost zero experience with being a server admin.

View 2 Replies View Related

Security :: How To Block Site In Firewall Or Router By Protocol Wise & Host Wise?

Jun 24, 2009

I would like to know the blocking methode In a Firewall or a Router.whether i will be done by Protocol wise, ho? or it will done through Host wise, How ?

View 2 Replies View Related

Security :: HOW TO Protect From VPN Attacks

Jun 1, 2011

I would like to know how to protect networks against VPN attacks? How does big industries do it? What does the government tend to use? Are any tools open source that I may get?

View 1 Replies View Related

Security :: How To Find The Trace Of The Attacks

Dec 30, 2008

I fear that an attack or an entry in my PC has occured, how to find the trace of the attacks.

View 3 Replies View Related

Security :: Prevent Ddos Apache Attacks?

Jan 25, 2011

recently my Apache server crashes very often; by watching the error log,I've notice several signs of intrusion.So, I think the problem can be a denial of service attack against my machine.My distribution is Debian Lenny.

View 2 Replies View Related

Ubuntu Security :: SSH Pubkey Authentication And MITM Attacks

Jan 6, 2011

Given that my public key is a pre-shared secret is sshd made in a way that this negates the possibility of a man in the middle attack? In other words, if the known_hosts file were to be deleted, would it be safe to ignore the fingerprint of a server that already has my public key in authorized_keys?

View 5 Replies View Related

Security :: Researchers Working Toward Processor-Specific Attacks?

Nov 10, 2010

With the disappearance of an OS monoculture, attackers would do well to find attacks that are neither OS or application specific. One way to do that, of course, is to target attacks at hardware, rather than software. Now research out of Frances Ecole Superiore d'Informatique, Electronique, Automatique (ESIEA) moves a step closer to that goal: identifying a method for isolating the processor used by anonymous systems for the purpose of subverting that hardware.

View 2 Replies View Related

Debian Configuration :: Root Attacks Due To Security Breach In Exim4?

Jan 21, 2011

My debian server has been attacked due to a security breach in exim4 4.69-9 (probably applies to loads of other versions too). The security breach allows the attacker to get root access by creating a buffer overflow in a header which then can be used to inject code.

[URL]

The securtiy breach is fixed with 4.69-9+lenny1 I want to share my actions with you on what I did to (hopefully) get rid of it. However at the time of writing this, the above website is down due to too much load (DDOS Attack?). How you can check if you've been attacked:

The attack creates a buffer overflow in exim4, which results in paniclog entries.

$ cat /var/log/exim4/paniclog
2010-12-17 07:34:11 string too large in xxxyyy()
2010-12-19 10:42:10 string too large in xxxyyy()

this would be an example of two attacks. One on 2010-12-17 and the other two days later 2010-12-19.with this information you can start find potentially infected files. There may be a better way, but I searched for them with this command:

$ find / -mtime 31 2>/dev/null # files,directories,links created 31 days ago (i.e. 2010-12-17)

My infected files:

/usr/bin/uptime
/usr/bin/pwdx
/usr/bin/slabtop

[code]....

View 4 Replies View Related

Ubuntu Security :: Pen Test IIS - Methods To Simulate Attacks To Check HIPS Detects?

Jan 27, 2011

I need to do a pentest on a Microsoft IIS webserver to test the efficiency of the HIPS i have installed on. methods to simulate attacks so that i can check if the HIPS will detect them?

View 4 Replies View Related

Security :: My Server - Deb5 And Plesk10 - Is Involved - Causing - In Brute Force Attacks

May 6, 2011

I am ashamed that I am causing other people troubles, but apparantly my server is involved in attacking the servers of other people.

I have to admit that I am not too familiar with using a CLI, or Linux for that matter, but I have a Debian server running under Plesk 10, which is colocated.

Now I have received messages from the datacenterm which state that my server is involved in brute force attacks.

The messages show a lot of lines like this:

Code:

The only I get from my hoster is to back up all domains and re-install the machine.

I want to resolve this asap, but do not agree with that action for two reasons: the machine just had a fresh re-install 2 months ago, so if it is a flaw in the OS, I will get the same flaw back, and if it is not OS related but due to a domain, I will get the problem back by putting back the backed-up domains.

But now I'm stuck: what steps should I follow to try and find the cause of this evil and make sure that my machine will not bother other machines anymore?

I realize that this probably will be a steep learning-curve, but please bare with me and help me to resolve this.

What have I done so far?

1) There are a number of live sites on this server, either running WordPress or Joomla, I have made sure they are all updated to the latest release.

2) I have manually looked at the source code of the index-files of those sites, haven't seen anything strange, like redirects.

3) I have used online scanners to check all sites for malware, all have been reported back to be clean.

4) I have run the Plesk-version of RKhunter, and that gives me certain warnings which I cannot (or do not) understand:

Code:

Code:

Code:

I received the first report of these attempts about a week ago and immediately changed the Plesk/SSH password to a 200bit password generated with KeePass, hoping that would keep out any evildoers.

View 14 Replies View Related

General :: Fake Block Device For Testing LVM?

Jun 1, 2010

I want to test LVM+Raid. When I was testing ZFS on Solaris, I was able to create regular files, and use those as disks for testing.I tried creating a regular file full of zeros w/ dd, then partitioning that. fdisk seemed to be able to create a partition on the regular file, but mkfs and parted couldn't work with it. Is there any way to create fake block devices for testing?

View 4 Replies View Related

Security :: Use Iptables As Firewall Instead Of Juniper Firewall?

May 9, 2011

Can we use iptables as firewall instead of Juniper firewall

View 2 Replies View Related

OpenSUSE Network :: How To Block An Outgoing Firewall

Mar 11, 2011

How I can refuse an outgoing connection on opensuse firewall by default outbound policy is permissive, and the p2p I explicitly deny an outgoing, according to protocol, remote port and local port.

But I can add rules as how to run opensuse firewall rules are permissive only for inbound traffic and so I can not specifically deny an outgoing connection.

Before using fwbuilder is very powerful and configurable but now I'm with suse for convenience but want to know if you can do what I want, if not I will have to use fwbuilder.

View 5 Replies View Related

Networking :: Firewall - How To Block - Broadcast Storm

May 28, 2010

Link 1 = my network [url]

My network:

Subnet 1

Subnet 2

When someone creates a network loop (a cat 5 cable is plugged into two ports on a switch), the 2 subnet get flooded and become very slow.

How can I prevent subnet 1 from getting flood if someone create a loop on subnet 2.

- eth2 go offline automatically until the network loop is canceled.

View 2 Replies View Related

Ubuntu Servers :: How To Block Torrents By Using Squid Or Firewall

Jan 5, 2010

I've been all around the net and can't find a "simple" answer how to block our LAN users from downloading torrents. Is it really that difficult?

Here's our setup:

1. The Server's Configs:

2. sudo gedit /etc/squid/squid.conf

3. sudo gedit /etc/rc.local (to start Firewall rules on bootup)

4. Server NOT a DHCP Server

5. No other iptables rules are configured, just the above ones.

Before in a 1 NIC setup, I blocked Workstations MAC addresses in the Router + Squid Proxy Server (Not Transparent), it worked, but some Online Java Apps didn't work and users can't send/receive email so I abandoned the method.

Now, I installed transparent Squid Proxy with 2 NIC cards, it works, but workstations can still download torrents! I know Squid doesn't block ports, right? So the answer must lie in Iptables Firewall? I basically use Squid just to deny access to Facebook, Friendster, or other "unproductive sites".

Quote:

How to block torrent downloading by using a Firewall? Or is there another "simple" way?

I've heard that it's better just to allow regular ports (80, 22, 465, etc...) then block all the rest, this way, you can prevent unnecessary ports.

I'm not an Iptables/Firewall expert so can you pls. explain it a bit more detailed if that's the case.

I'm also aware of just telling our users NOT to download torrents, but I just want to prohibit it entirely.

I know I will be the most "uncool" employee in our office.

View 9 Replies View Related

Ubuntu Networking :: Bridging Firewall - How To Block Incoming Traffic

May 2, 2010

I have a ubuntu computer set up as bridge between gateway and lan, with the lan connected to eth0 and gateway on eth1.

I'm trying to get it to basically block everything incoming except for the ports i specify, but also allow outgoing traffic. I've found, tried, modified som examples i found on the web, but still it wont block incoming traffic (ie, im still able to reach my webserver)

These are the rules, and i can't figure out why it wont block:

Code:
#!/bin/bash
iptables -F
iptables -X
iptables -I INPUT -i eth1 -j DROP

[Code].....

View 1 Replies View Related

Ubuntu Servers :: Set Up As A Firewall - Direct Internet Connection Through Where Will Block

Apr 19, 2011

I want to set up Ubuntu Server as a firewall in which I want to direct my internet connection through where Ubuntu Server will block, filter, and monitor anything that come into either three of my computers using the same internet connection. Is this easy to do? sum up the steps that I will have to go through to establish this, and any relevant information, and where I might be able to find necessary information etc. I plan to use ubuntu-10.04.2-server-i386.

View 3 Replies View Related

Networking :: Red Hat 5 - Add Firewall Functionality To Block Clients Ip Accessing Internet

Jan 26, 2010

I already have Linux Enterprise 5 system installed with some server packages such as Webmin, Active Directory, Web Server which also act as Internet gateway. Now I want to add firewall functionality to block clients ip accessing internet.

View 14 Replies View Related

Ubuntu Networking :: Firewall - Block Incoming / Outgoing Connections To IP Range

Jul 4, 2010

I am still new to ubuntu and I use firestarter as my firewall tool and I was told that its just ufw in a gui. Well anyways I noticed a connection to 174.129.241.144 using https and python, I didn't have any scripts running and my browser was closed, I read the man files for ufw and it said to do something like deny from 174.129.0.0/12 and I want to block all incoming and outgoing connections to this IP range and I was wondering how to do that, I heard of iptables that it would be able to do this but I dont know anything about it. What I should learn so I can handle these kinds of situation in the future and how I can block this ip subnet or also what does the /8, /12, and /16 stand for?

View 7 Replies View Related

Server :: Command For Iptable Rule To Add In Chain RH-Firewall-1 To Block Ftp Port?

Mar 10, 2011

tell me the command for iptable rule to add in Chain RH-Firewall-1 to block ftp port & the ftp server was configured in public ip address,i searched in google but i did'nt get the exact command for iptables rule in Chain RH-Firewall-1.

View 3 Replies View Related

Security :: POP3 Through Iptyables And ConfigServer Security And Firewall

Sep 23, 2010

I have a Suse11 box with 2 network cards:

I have squid as a proxy on the Suse box, and with the default firewall I have to enable masquerading to allow clients on the eth3:1-3 to send and receive mail through the Suse box. I found the Suse firewall completely inadequate (all P2P software/connections are allowed once you enable masquerading) and had to install ConfigServer Security & Firewall. In die configuration of csf I could get my way around getting smtp to work for the eth3:1-3 clients, but pop3 connections does not go through the box. I know I need to allow port 110 and 995 to masquerade of NAT (or something) and then the same for port 22

View 2 Replies View Related

Ubuntu :: Advanced User Settings / 'Connect To Ethernet And Wireless' Option Of The Advanced Settings?

Aug 12, 2010

I'm trying to create a user account for my children in Ubuntu 10.04

When creating their account, I have turned off the 'Connect to ethernet and wireless' option of the Advanced Settings.

However, when I log into their accounts, they still have full access to the internet through both the wireless and ethernet connections. Is this option for some other purpose?

Is there an alternate way to limit internet access for childrens' accounts in Ubuntu? (I'm used to MS Family Safety as a filter for internet access - is there an eqivalent for Ubuntu?)

View 2 Replies View Related

Security :: Security - Virus - Firewall Protection ?

Feb 23, 2011

I tried installing F-prot's linux scanner but it doesn't seem to want to install and I am tired of messing with it.

So I am wondering if I even need it or if there is something else.

I am behind a firewall already with my router if that helps any.

I guess I am having trouble understanding why virus protection is less necessary.

Do people not write viruses for linux systems?

View 7 Replies View Related

CentOS 5 Networking :: Configure Firewall - Allow And Forward All Traffic On Eth0 And Block All Traffic On Eth1 Except Ssh Ping

Sep 29, 2010

I need to set up my centOS computer as a firewall in my home network. Ive got 2 interfaces, eth0 and eth1. I want to allow and forward all traffic on eth0 and block all traffic on eth1 except ssh, ping(icmp) and DNS. How do I do this? Ive tried some editing in /etc/sysconfig/iptables but no luck.

View 1 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved