Security :: Blocking A Specific IP Address From Server?

May 8, 2010

I would like to COMPLETELY block a specific IP address using iptables. I found this one:

Code:

iptables -A INPUT -p tcp -s xxx.xxx.xxx.xxx -j REJECT --reject-with tcp-reset

Will this work? How do I undo the changes later?

View 2 Replies


ADVERTISEMENT

Server :: Blocking Dhcpd Address Lease For Specific MAC Address?

Sep 4, 2009

I hv Cent OS 5.3 installed as server. I hv a network of approx 100 desktops and laptops. For a security purpose i want to block certain laptops from gaining a the network access using dhcp. Can we block the ip address leasing if a specific MAC address request for a ip lease?

View 7 Replies View Related

Fedora Security :: Blocking And Allowing IP Address For FTP?

Jul 15, 2010

I want to ask about securing the FTP connection... I have one server that Installed with Redhat Linux Fedora 6.

And now, i want to securing the FTP access, so only the selected IP will be allowed to connect. Do anyone know how to do this?

Another thing is, my server using Webmin 1.3 to manage the server and there not installed / not configured yet with Frox FTP, ProFTPD Server, WU-FTP Server... even there is such thing in my Webmin...

Can i make use one of the three FTP i mention above, and if yes, will it be affecting the current FTP access?

View 1 Replies View Related

Fedora Security :: Blocking Ip Address Range?

Dec 31, 2010

I'm assuming that the following should block the complete 178.123.xxx.xxx address range.

Code:
iptables -I INPUT -s 178.123.0.0/24 -j DROP
Then I believe that I need to save this change.

Code:
service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]

However, I'm not so sure that it is actually working based on the fact that there continues to be access to my wiki from that address range. The following is after I made the firewall change.

Quote:

178.123.177.61 - - [31/Dec/2010:04:24:40 -0500] "GET /mywiki/Opera%20Web%20Browser?action=edit&editor=text HTTP/1.1" 200 6346 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
code....

Let me state that I'm new at this iptables thing. I did some reading and decided that I need to make the above change to the firewall but it doesn't seem to make a difference.

View 12 Replies View Related

Security :: Blocking An Ip Address Range Within Iptables?

Mar 30, 2009

I am setting up a iptables firewall on one of our servers, and I would like to block a range of addresses from getting into the system. I am using a script that does a BLACKIN and BLACKOUT methodology for specific addresses. One example is the following:

Code:

$IPTABLES -A BLACKIN -s 202.109.114.147 -j DROP
...
$IPTABLES -A BLACKOUT -d 202.109.114.117 -j DROP

What would be the correct syntax to use if I wanted to block an entire remote subnet from getting into the server?

View 4 Replies View Related

Server :: Blocking IP Address For Fake Users?

Feb 4, 2011

How to block an ip address from mikrotik so that when a fake user use this ip he doesn't get internet but in the mean time real user gets internet. Real user will not harm if fake user trying to access.

View 3 Replies View Related

Server :: Blocking Mac Based Address In Squid?

Apr 6, 2011

I need to block mac address in my network then i foolowed as below acl's but am getting output as follows I tried as in /etc/squid/squid.conf acl block arp aa:aa:yy:yy:xx:xx http_access deny block but it give me error as like: - (This is the output of # squid -k parse) aclParseAclLine: Invalid ACL type 'arp' FATAL: Bungled squid.conf line 1234: acl block arp aa:aa:yy:yy:xx:xx squid Cache (Version 2.5.STABLE6): Terminated abnormally.

View 7 Replies View Related

Security :: Block Computer From Connecting To A Specific IP Address?

Feb 13, 2010

I was taking a peek at the active connections shown by the Firestarter GUI and noticed the following (the source is my computer):

SourceDestinationPortServiceProgram
192.168.0.11266.235.133.4280HTTP

I closed all Internet related apps and the connection persisted. After a reboot it did not reconnect (yet).The IP address appears to belong to esomniture.com - some sort of web analytics company. How do I prevent my computer from connecting to these rascals. I have found a lot of documentation regarding stopping inbound connections to services on my computer but not the other way. I have various filtering addons installed in Firefox however, this connection seems to be at a lower level as no program is specified as being responsible for the connection.

View 8 Replies View Related

Networking :: Unwanted Blocking Ip Address And Session Log Out In Ubuntu 10.04 Server

Jun 29, 2011

I have UBUNTU server 10.04 LTS with 3 NIC "eth0" local and eth1,2 as internet connection and it acts as firewall, http proxy and samba file server ,I installed Zentyal panel manager for my server for easier management I did not configure any specific rule for my firewall but I have some problem with my clients who wants to connect to my server as gateway or as file server even my self experienced these problems too. these problems are as follow:

1. some time for a few minutes (maximum 10 minutes) my server block some of my clients to access it or internet but just for minutes but it is very annoying.
2. all of my clients those who login to an https servers or login to their mail or those who has some software like team viewer say that they are logging out from their session randomly I mean some of them logging out from their mail(yahoomail or googlemail ) or disconnecting from teamviewer connection or as I saw team viewer disconnecting for a few seconds and then comes back again. but I did not set any thing in my firewall or other services. this is my complete iptable rules:

View 9 Replies View Related

Server :: Deny Specific Address From At Postfix?

Jun 30, 2010

I have create distro groups in zimbra and have add member sin there. when i connect an account on mapi etc. [URL] i have create a persona in order client to send from [URL] rather than [URL] How can i restrict inside postfix to relay using [URL]?

View 1 Replies View Related

Debian Configuration :: Use Specific Address For Dhcp Server?

Apr 27, 2011

I'm running gnome desktop on squeeze system. When I boot my system seems to be using my internet modem as its dhcp server. The rest of the machines on my lan are correctly using my router for that purpose. As a result, what happens then is that my debian machine frequently gets a duplicate ip address assigned to it. I would like to specify to my debian computer that I want it to use the specific fixed ip address of my router for dhcp purposes.

View 9 Replies View Related

Server :: Redirect / Forward Mail To Another User From Specific Address?

Jun 30, 2009

I wish to intercept/forward emails that is sent to one user on multi user mail server.I only want email from one specific address or group,to be redirected and it will be redirected to another user on same server.The email should not arrive in original users inbox.".forward" file can not give me such solution,because ".forward" file will forward all mails to another specific mail id,which i don't want. I want only specific users mails onto another local user.Is this possible in sendmail?Anybody have clear idea of "virtusetable" & "aliases" file?

View 1 Replies View Related

General :: Blocking Specific Webpage Not The Whole Domain For All DNS Client?

Jan 3, 2011

company has asked to block some pages on google.co.in. i can not block the entire domain.is there any way to block specific webpage like

View 2 Replies View Related

Software :: Does Blocking IP Address Saves Bandwidth?

Jun 18, 2010

I have one server that has Asterisk running.On front of that, I use DD-WRT router as gateway. As I have checked the log files, I saw that there is a specific IP Address that is continuously accessing the application and trying to authenticate to SIP with a series of extensions. This is like DoS attack for SIP. What I did was to block/drop the IP in DD-WRT using the iptables. I can see from the /proc/net/ip_conntrack that it is being "UNREPLIED". But my concern is that does it still uses a lot of bandwidth even though it is already being blocked?

View 14 Replies View Related

CentOS 5 Networking :: Restrict User "admin" To Login To The Server From A Specific IP Address?

Jun 9, 2009

i am using openssh 5.2-p1, i want to restrict user "admin" to login to the server from a specific IP address, for this purpose i have tried the following blocks in sshd_config file.Following is the part of the sshd_config file which i have modified

#The following commands will only allow specific IP to login to ssh.

#AllowUsers admin user1 user2

#AllowGroups

# override default of no subsystems.Subsystem sftp internal-sftp

Match Group sftpgroup
ChrootDirectory /home
AllowTCPForwarding no[code].....

i want to restrict admin user to login to the server only from 172.16.100.221 IP which can be done by using AllowUser line, but i dont want to use AllowUser line,

View 1 Replies View Related

Server :: Block Email From Certain Group To A Specific Email Address?

Apr 29, 2010

Is there a way of allowing only certain domain to send e-mails to certain specific e-mail address. I am using Sendmail, and I have an alias which translate to certain members of staff within my organization. I don't expect e-mails from outside our domain to be sent to this alias e-mail address.

View 1 Replies View Related

Security :: Iptables - Limit Access To Port 8443 On Server To 2 Specific IP Addresses

Dec 23, 2010

I'm trying to limit access to port 8443 on our server to 2 specific IP addresses. For some reason, access is still being allowed even though I drop all packets that aren't from the named IP addresses. The default policy is ACCEPT on the INPUT chain and this is how we want to keep it for various reasons I wont get into here. Here's the output from iptables -vnL

[Code]...

Note the actual IP we are using is masked here with 123.123.123.123. Until I can get everything working properly, we're only allowing access from 1 IP instead of 2. We can add the other one once it all works right. I haven't worked with iptables very much. So I'm quite confused about why packets matching the DROP criteria are still being allowed.

View 10 Replies View Related

Security :: The Server Was Hacked From So Called Tor IP Address?

Nov 14, 2010

I always use professional services to secure my servers. Everything was fine for years but a week ago my server got hacked.I don't know how the hacker got my username/password - it was not something like admin, password.9 months ago my PC was infected with some virus which connected to the FTP server by using password which was saved in CuteFTP and infected all index files with some javascript. Then I changed the user/FTP password and didn't save it anymore in Cute FTP. Of course, I checked all the folders and re-uploaded all infected files. Is it possible that this virus uploaded some hidden file which was able to get the new password for this account?

The server was hacked from so called Tor IP address. I am tiref of worrying about server security and now have an idea to get a static IP address from my ISP and to allow logins only from this IP address. What do you think about it? This idea looks good for me but are there any risks to lose access to the server. Can ISP provider change the static IP address for some reason?

View 9 Replies View Related

Server :: Dropping All Email For Specific Email Address?

Jun 12, 2011

I have a user who was getting constantly spammed so I deleted their email account but it's still coming in and trying to get delivered, how do drop all email for a specific email address?

View 4 Replies View Related

Fedora Security :: Block Some Ip Address That Are Attacking Server?

Aug 26, 2009

I want to block some ip address that are attacking my server and making my ssh port busy. On searching the google, I found

Code:
iptables -A INPUT -s ip_address -j DROP

I will add this rule in iptables. My questions are:
1) do I have to do

Code:
chkconfig iptables on

so that it load the iptables at boot. I am wondering why do I need this because iptables is already modified and it loads the iptables at boot time if firewall is enabled.

2) When we add the above rule, which file is modified? Another way, where are this rules stored? It is not in /etc/sysconfig/iptables and /etc/sysconfig/iptables_config.

View 1 Replies View Related

Ubuntu Security :: Restrict Root Logons To The SSH Server To A Single Ip Address?

Feb 26, 2010

Is it possible to restrict root logons to the SSH server to just a single ip address (or maybe a range?) I have other users connecting to the server daily so restricting ALL access to a single ip i cannot do. I need root enabled (for my own reasons) but want to lock it down a bit more.

View 9 Replies View Related

Security :: Address Space Randomization On 2.6.28-15-generic Ubuntu 9.04 - Finding Base Address?

Sep 14, 2009

Im an academic (university networks and security lecturer) studying/teaching network and operating system security, and inspired by the work of Hovav Shacham set about testing ASLR on linux. Principley I did this by performing a brute force buffer overflow attack on Fedora 10 and Ubuntu 9. I did this by writting a little concurrent server daemon which accidently on purpose didnt do bounds checking.

I then wrote a client to send it a malicious string brute forcing guessed addresses which caused a return-to-libc to the function usleep with a parameter of 16m causing a delay of 16 seconds as laid out in [URL] Once I hit the delay I new I had found the function and could calculate delta_mmap allowing me to create a standard chained ret-to-libc attack. All of that works fine. However .... To complete my understanding I am trying establish where I can find the standard base address for ubuntu 9 (and other distros) for the following, taken from Shacham:-

Quote:

[code]....

/proc/uid/maps gives me some information but not the base address ldd also gives me the randomised starting address for sections in the user address space but neither gives me the base address. Intrestingly ... when a run ldd with aslr on for over (about) 100 times and checked the start point of libc I determined that the last 3 (least significant) hex digits were always 0's and the fist 4 (most significant) where between 0xB7D7 and 0xB7F9. To me this indicated that bits 22-31 were fixed and bits 12-21 were randomized with bits 11-0 fixed. Although even that doesnt define the boundaries observed correctly.

Note: I am replicating the attack to provide signatures to detect it using IDS, and for teaching purposes. I am NOT a hacker and if needed to could reply from my .ac.uk email address as verification.

View 1 Replies View Related

Ubuntu Security :: How To Check What The UFW Is Blocking

Mar 26, 2010

I can see what Firestarter is blocking in the Firestarter/Events tab, but after reading all the man pages of UFW, I still don't know how to check what the UFW is blocking.

View 9 Replies View Related

Ubuntu Security :: Ufw Not Blocking Ports?

Apr 1, 2010

After reading a lot about networking and security I decided to check the security of my own ubuntu box. So I went installing Nmap and discovered that port 139 was "open". Since I 'd read how to use ufw I created a deny rule for port 139. After a second scan with Nmap it still said that port 139 was open as shown below.

[Code]...

View 9 Replies View Related

Ubuntu Security :: Firestarter Keeps Blocking Ip's?

Mar 8, 2011

im having a bit of a problem with Firestarter, i have Transmission opened and i am downloading a movie but when i check Firestarter i see hundreds and hundreds of Ip's that are blocked, and like 10ip's every second that get blocked.

[Code].....

View 2 Replies View Related

Ubuntu Security :: Ufw Is Blocking Some Port 80 And Should Not?

Apr 15, 2011

I have the default to deny all. The only rule I have in there is:

Code:
To Action From
-- ------ ----

[code]....

View 4 Replies View Related

Ubuntu Security :: UFW Is Blocking Connections Even Though It's Set To Allow For In/Out

Aug 1, 2011

I might be misunderstanding the log but it looks like UFW is blocking connections. I want to allow all incoming and outgoing. I guess what I'm saying is that the servers on my computer will open ports but all other ports should respond with closed just like a default Ubuntu install. Trying to use UFW to monitor connections without really doing any firewalling.

Code:
Aug 1 07:14:07 universal-mechanism kernel: [311111.963762] [UFW BLOCK] IN=eth0 OUT= MAC=00:1f:c6:8a:e9:66:00:01:5c:32:f4:c1:08:00 SRC=72.21.203.146 DST=174.44.178.56 LEN=40 TOS=0x00 PREC=0x00 TTL=233 ID=51984 DF PROTO=TCP SPT=80 DPT=54466 WINDOW=8201 RES=0x00 RST URGP=0

View 2 Replies View Related

Security :: Blocking Web Content With Iptables?

Aug 8, 2010

Is possible blocking web with content for adults with iptables?

View 3 Replies View Related

Security :: Logging/Blocking LAN Traffic?

Apr 26, 2010

Where I work we have a lan, it is almost 100% windows machines except for 2 CentOS machines in which some clients connect to, via VPN. (very small network, <50 ip's used)

I would like to know if there is a way to block access from that machines to others in the network. I'm already logging traffic (with IPTraff) to see if they're accessing other machines in the network others than the ones they should connect.

View 7 Replies View Related

Security :: Red Hat SeLinux Is Blocking Ssh And Http?

Feb 3, 2011

When I turn on my SeLinux to enforcing mode on my Red Hat system ssh stops working and my http server stops responding.

I went into the SeLinux GUI and enabled things in there but still it wont work.

Any thoughts on what to check?

permissive mode and disabled they work

I read several articles that say it should not be affect by SeLinux and the setting look correct but the only thing I do is turn on SeLinux and ssh /httpd stop working

ps -eZ | grep sshd
system_u:system_r:unconfined_t:SystemLow-SystemHigh 432 ? 00:00:00 sshd
system_u:system_r:unconfined_t:SystemLow-SystemHigh 2426 ? 00:00:00 sshd
[root@goxsa1340 ~]# ps -eZ | grep httpd
user_u:system_r:httpd_t 3044 ? 00:00:00 httpd

[Code].....

View 11 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved