Security :: Block Computer From Connecting To A Specific IP Address?
Feb 13, 2010
I was taking a peek at the active connections shown by the Firestarter GUI and noticed the following (the source is my computer):
Source          Destination     Port  Service  Program
192.168.0.112   66.235.133.42   80    HTTP
I closed all Internet related apps and the connection persisted. After a reboot it did not reconnect (yet). The IP address appears to belong to esomniture.com - some sort of web analytics company. How do I prevent my computer from connecting to these rascals? I have found a lot of documentation regarding stopping inbound connections to services on my computer but not the other way. I have various filtering addons installed in Firefox; however, this connection seems to be at a lower level, as no program is specified as being responsible for the connection.
Feb 5, 2011
how to block a specific MAC address
Jul 27, 2011
I recently set up a web server at home, using a non-standard port, due to my ISP blocking 80. I just checked my log files, and I see a TON of entries indicating that a file was not found: "proxy-1.php", "proxyheader.php", etc. I do not have these files, nor intend to have them as part of my website. I did a whois lookup by IP address for several of these, and they all seem to come from an ISP in China. Is there a way to BLOCK any IP address outside the US (that is somewhat simple to do?)
Mar 25, 2010
how to block any IP address who failed to connect more than 3 ssh?
Aug 26, 2009
I want to block some IP addresses that are attacking my server and making my SSH port busy. On searching Google, I found
Code:
iptables -A INPUT -s ip_address -j DROP
I will add this rule in iptables. My questions are:
1) do I have to do
Code:
chkconfig iptables on
so that it loads iptables at boot? I am wondering why I need this, because iptables is already modified and it loads iptables at boot time if the firewall is enabled.
2) When we add the above rule, which file is modified? In other words, where are these rules stored? They are not in /etc/sysconfig/iptables and /etc/sysconfig/iptables_config.
Apr 22, 2010
Is it possible somehow to block some Bluetooth device with a specific address (MAC)?
(like iptables block by mac)?
Apr 29, 2010
Is there a way of allowing only a certain domain to send e-mails to a certain specific e-mail address? I am using Sendmail, and I have an alias which translates to certain members of staff within my organization. I don't expect e-mails from outside our domain to be sent to this alias e-mail address.
May 8, 2010
I would like to COMPLETELY block a specific IP address using iptables. I found this one:
Code:
iptables -A INPUT -p tcp -s xxx.xxx.xxx.xxx -j REJECT --reject-with tcp-reset
Will this work? How do I undo the changes later?
Oct 1, 2009
I'm trying to configure our mail server to block email from a specific sender reaching a specific recipient. In other words, if one of our employees is getting harassed by a 'stalker', how would one go about blocking, at the MTA (Sendmail) level, a specific sender email address from reaching a particular user's inbox? We do not want to capture the email - simply block it before it consumes server resources. The Sendmail server (MTA) is a front end to our Exchange server so no user accounts exist on the Linux server. We simply use it as a SPAM and Virus scanner then forward clean email to the Exchange server.
Sep 4, 2009
I have CentOS 5.3 installed as a server. I have a network of approx 100 desktops and laptops. For security purposes I want to block certain laptops from gaining network access using DHCP. Can we block the IP address leasing if a specific MAC address requests an IP lease?
Feb 11, 2011
I've noticed in my Apache logs a lot of hits to a specific URL on my server. The thing is, the URL is invalid and returns a 404. Every hit has a different Agent ID (things like Windows NT 4 and IE 8, Mac OS and Safari, Windows 7 and Mozilla, etc) and usually a slightly different IP address. If you browse the URL with Chrome/Firefox, it gets reported as potential phishing activity - despite it only returning a 404 error.
I blocked a range of IPs with IPTables which worked for a while, but I can see the IP address has changed again (outside of the range I set) and is generating logs again.
Is it possible to automatically block any IP attempting to access this specific URL?
Jul 28, 2011
How to block unwanted sites.
Aug 24, 2010
In Iran there is a famous "access denied page" that redirects you to a strange page with a lot of HTML errors and lol, telling you RTFM about ridiculous Internet laws. I want to filter the contents of the page, because the page IP, URL, ... are all unknown. I don't know much about squid configuration scripts. I can read but cannot write
Jul 9, 2011
Recently I discovered that we were accidentally running a POP server (port 110), when we only should have been running the encrypted version thereof (port 995). This wouldn't have been a problem if the port was blocked in the first place. I had wrongly assumed that any port NOT specifically listed in one's firewall rules (CentOS 5 with default iptables installation) would be blocked. I thought you had to add a rule to /etc/sysconfig/iptables in order to open up a port. Apparently this is NOT the case. So is it true that if I install some random software that starts listening on any number of ports that I have not specifically mentioned in /etc/sysconfig/iptables that it will not be blocked - it will work right away?
Anyway, I guess two questions:
1) What's a generic way to block a specific port? I use rules like this to "open" ports (although is this not needed if they're open anyway?)
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 995 -j ACCEPT
What's the analog of this kind of rule to *block* a port?
2) Is there a better way to configure iptables to block all ports that are not mentioned in its configuration? Is that dangerous? (will it block things that I don't want to block?)
Jun 10, 2010
Prohibit execution of any program, including shell commands, so that only profiled programs can be executed: can AppArmor do that?
Jun 19, 2010
I run the openssh daemon on port 22 and have proftpd running on port 21. I would like to block SSH for a specific user. I use proftpd. I would like to prevent SSH access for this user and leave FTP working for this specific user. In /etc/passwd, I tried to change /bin/bash to /bin/false, but this blocks both SSH and FTP access for this account.
May 19, 2010
I'm trying to block specific websites, preferably using a portion of the url.
For example, if blocking [url], [url] would also be blocked. This implies that simply blocking a single IP using iptables would not work well.
The names to block will be somewhat dynamic, so a list specification would be ideal.
In my case, the LAN has a mix of linux and ms machines, and they all use a linux gateway currently running dnsmasq.
I find suggestions from using /etc/hosts (might work with yp, but not ideal) on the gateway machine, through to using squid on the gateway machine.
Jul 15, 2011
What I want to do is, from a file having blocks like
<event>
8 3 0.2685416E-02
2 -1 0
21 -1 0
[code]...
The first line after the "<event>" is its process-id, so I would like to have at the end a summary of how many "event" blocks I have for each type, i.e. how many
6 1 0.2685416E-02
or how many
7 2 0.2685416E-02
etc etc
I do not know in advance how many different kinds of block I will have, so it has to be a bit smart to scan the file and make a new "summary" info for each unique type. I was using something like
awk '/<event>/,/</event>/{if ($3 -eq 0.2685416E-02 ) { print $1" "$2" "$3}}' file > out
and then
grep -c "$1" "$2" "$3" but with no success, since my awk command prints all lines of each block.
Suppose that in advance I do know the $3, i.e. the 0.2685416E-02, which is a kind of weight.
Sep 14, 2009
I'm an academic (university networks and security lecturer) studying/teaching network and operating system security, and inspired by the work of Hovav Shacham set about testing ASLR on Linux. Principally I did this by performing a brute force buffer overflow attack on Fedora 10 and Ubuntu 9. I did this by writing a little concurrent server daemon which accidentally on purpose didn't do bounds checking.
I then wrote a client to send it a malicious string brute forcing guessed addresses which caused a return-to-libc to the function usleep with a parameter of 16m causing a delay of 16 seconds as laid out in [URL]. Once I hit the delay I knew I had found the function and could calculate delta_mmap, allowing me to create a standard chained ret-to-libc attack. All of that works fine. However .... To complete my understanding I am trying to establish where I can find the standard base address for Ubuntu 9 (and other distros) for the following, taken from Shacham:-
Quote:
[code]....
/proc/uid/maps gives me some information but not the base address. ldd also gives me the randomised starting address for sections in the user address space, but neither gives me the base address. Interestingly ... when I ran ldd with ASLR on over (about) 100 times and checked the start point of libc, I determined that the last 3 (least significant) hex digits were always 0's and the first 4 (most significant) were between 0xB7D7 and 0xB7F9. To me this indicated that bits 22-31 were fixed and bits 12-21 were randomized with bits 11-0 fixed. Although even that doesn't define the boundaries observed correctly.
Note: I am replicating the attack to provide signatures to detect it using IDS, and for teaching purposes. I am NOT a hacker and if needed I could reply from my .ac.uk email address as verification.
Apr 23, 2010
Consider a situation in which you want to display only specific lines of contents from a file or of a command's output. Yes, we have head and tail commands. But how to view all the lines of a file except the last one, or vice versa, when we don't know the count of lines in advance?
Consider this output:
Code:
[root@localhost ~]# ps au | grep bash
root 6316 0.0 0.0 4672 1440 tty1 Ss+ Apr22 0:02 -bash
root 20847 0.2 0.0 4672 1432 pts/0 Ss Apr23 0:12 -bash
root 21167 0.0 0.0 3920 660 pts/0 S+ 01:00 0:00 grep bash
Here, I don't want the last line (in italic) to be included in the result since the last line is due to "grep bash" in the devised command "ps au | grep bash". Well, we can rewrite the devised command:
Quote:
"ps au | grep bash | head -n 2"
But, again, here we are specifying the count of lines to be included. But, in the presented problem we don't know any count in advance!
Jun 7, 2010
I want to find the IP addresses of other computers which are connected in the LAN. Suppose there are 5 computers in the LAN and I want to find the IPs of all the remaining 4 computers using my computer only: is there a command or any other way?
Mar 21, 2010
A couple of weeks ago, I completed a system upgrade that was motivated because I have to deploy Windows 7. I have to deploy it because my Windows development environment is getting very long in the tooth, and I have to become current again for a project of mine that is underway. So, yesterday, I deployed Windows 7 Professional in VMware 7 hosted on Mandriva 2010. With my new upgrade, I have a very capable quad-core athlon system with an NVidia 240GT video card, and it runs Aero quite nicely in the virtual machine. I do have to say that Windows 7 looks nice and isn't too annoying to use, except - of course - when I need to dig into it to change some setting or another.
Now, on Windows, for many years I have used Zone Alarm firewall rather than the Windows firewall, because ZA monitors and controls outgoing connections. I have used this on both my Win2K development system (virtual machine) AND my Win XP laptop to keep microsoft applications (notably media player) from calling the mother ship when I didn't think they should. It has worked well. So one of my first actions was to download the newest copy of ZA free firewall and deploy it on Windows 7, after disabling the Windows firewall. Well guess what. ZA doesn't stop Windows from calling the mother ship. I have all settings on ZA set to "ask" before allowing anything to contact the net, but I've been playing with some multimedia things and the microsoft software has been talking on the internet as happy as you please, and ZA hasn't asked me a single time if it could do so.
Of course, when I ran a few tests with ping and tracert, ZA asked me. Also, I had to fiddle with ZA settings a bit to get the Windows 7 to successfully talk to my LAN. But when Windows 7 wants to talk to microsoft, it talks regardless of what ZA says. Well, when you get down to it, this is one reason I have Windows running in a VM...I WILL be in control, regardless of what microsoft wants. Does anyone know of a tool that I could use from Mandriva to prevent a VMware client from talking to a website? I'd like to be able to easily enable/disable it so that I can let Win 7 talk to microsoft when I need for it to do so, but no other time. I'm using bridged networking in VMware so all my virtual machines have their own IP addresses, but of course all of them (as well as my host Linux system) go through the same network adapter. It seems to me that iptables would have to work for this, but I'm not at all sure how to set it up to do it given the bridge.
May 25, 2010
How to block a PC in Squid using its MAC address? I tried this in /etc/squid/squid.conf
acl block arp 00:13:45:d3:24:e4
https_access deny block
but it gives me an error like this (this is the output of # squid -k parse):
aclParseAclLine: Invalid ACL type 'arp'
FATAL: Bungled squid.conf line 1234: acl block arp 00:13:45:d3:24:e4
squid Cache (Version 2.5.STABLE6) : Terminated abnormally
May 14, 2015
I'm looking forward to knowing how to connect to a remote server through SSH but from a specific port, so I can drop connections from random ports that are not the one I choose. Is this possible?
I have tried by setting up an iptables entry to forward output through both, PREROUTING and OUTPUT (one at each time, flushing when I can see that it's not working), in NAT table, so I can connect doing ssh localhost
Code:
iptables -t nat -I OUTPUT -p tcp -s 127.0.0.1 -d 127.0.0.1 --dport 4141 -j DNAT --to 192.168.1.2:4040
Unfortunately, it is not forwarding as I'd like.
I want to do this because I think that doing this will enhance the security, dropping connections of clients that are trying to connect from not allowed ports. I have already set up fail2ban and created SSH keys, not allowing login with a password, only key allowed. Will only allowing connections from a specific port enhance the security or not really?
Aug 18, 2011
I get assigned an IP from the university's server. Every now and then, a student will plug in his router to the network trying to get wifi in his/her room.
And by doing so will start assigning IPs on the network, while rendering useless the university dhcp server, which has to cope with a higher number of pc's.
How can I specify to dhclient (or the linux system in general) NOT TO obtain IP addresses given by a specific mac address ?
Sep 1, 2011
I want to block the MAC address in an ad hoc network to check the behaviour of the AODV protocol. Is there any other utility available for this purpose rather than Mackill?
Jun 21, 2011
I have set up a couple of postfix servers for my domains, but the only thing I am missing now is this: How to block the public sending mail from my email to my email? I have managed it with SPF, but surely there must be a better way, that returns "relay not allowed" to the client. The SPF method costs too much, since it must make a dns request for each mail. So far, I have not gotten many of these mails, unless when testing my mailserver, but as I see it, anyone should not be allowed to send mail from abuse@mydomain.com to abuse@mydomain.com.
Somebody must have thought about this a long time ago, and there is simply that little line in main.conf that I'm missing.. My setup is this (virtual): I have a primary mx, with postfix, courier IMAP/POP3 server, a user database, and sasl via saslauthd. I also have a secondary mail server (backup mx) with no sasl auth, but with a copy of the mail users in the virtual tables, but added as relay_* users instead.
Spamassassin and SPF testing is replicated too, so most of the stuff should work, but I simply cannot find a setting in Postfix that denies someone to mail FROM my address TO my address. When mailing from my address and out in the open, they are required to authenticate, but not when using one of my domain addresses, and also targeting my domain addresses.
As said, It is possible with a strict SPF setting, but that is at a cost for every lookup. It would be quicker for postfix to lookup the sender and the recipient in the relay/virtual tables, and deny if both addresses were in the recipient tables, and sender is not authenticated.
Oct 14, 2010
Something strange with my firewall: I used Firestarter and I don't know why I cannot ping outside to a specific IP address. Here is my setup. I have an IP from my ISP:
119.92.56.77 - eth0
192.168.50.1 - eth1
with DHCP features from 192.168.50.1 - 254. My problem is I cannot ping this specific IP address, which is 119.93.232.234. If you can try from there, pinging is OK, but from here I cannot, because they use that IP address (119.93.232.234) to connect to our OpenVPN, whose IP is 119.92.56.78 <---- this Linux (CentOS) system or IP has no firewall enabled, meaning I separated this connection. My setup for OpenVPN is like this:
[code]...
Jun 15, 2010
Can we block an email address in such a way that a user cannot log in to multiple systems simultaneously, so that if a user logs in to a system (with IP address 192.168.1.22) and then tries to log in to another system at the same time (with IP address 10.0.0.5), his previous system (i.e. 192.168.1.22) has to log out automatically? Are there any predefined scripts for this?
Jan 12, 2010
I have a problem with my iptables configuration. I have configured it for transparent proxying like this:
for masquerade -> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
for transparent -> iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 3128
How do I make a rule if there is 1 address I don't want to redirect to port 3128? In other words, 1 specific address just runs on port 80.