Security :: Make Connection Track For Port 80?

Jan 24, 2010

I need to build a stateful firewall. I tried the ESTABLISHED state, but as we know, some people can play with the TCP header, so I want to do a "connection track" state. They told me it is in mangle, but I didn't find it. Can someone paste a link about "connection track" for me, or write me a rule, for example to make connection track for port 80?


Ubuntu Security :: Make Port 80 Read-only?

Apr 3, 2011

I am running an Ubuntu server for home use and am currently hosting a website for testing purposes. I am worried because I have to leave my port 80 open for this to work. An idea I have is to make it so that port 80 is read-only.


Security :: Unable To Make 27000 Port On Listening Mode?

Nov 1, 2010

I tried my best and wrote all the commands given below, but port 27000 is not in listening state. Note: I spoofed the MAC address (changed the MAC address) on this machine. Here is my iptables file.

# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter

[code]....


Programming :: Make A Bash Script That Will Open Up Port 23 For A Netcat Connection?

Apr 14, 2009

I'm starting to like making bash scripts. It's kewl making creative ones. Right now I'm trying to make a bash script that will open up port 23 for a netcat connection. Once there's a connection, I'd like for the script to open up xmms and play a sound effect, as well as echo a txt file to the desktop saying that a connection was made at this specific time. When I execute the script, it stops execution at the first line. So far I have this:

sudo nc -lvnp 23
while [ 1 ]
do

[code]...


Security :: IPtables Port 25 Connection Limit Without Blocking Barracudas

Jan 11, 2011

I am at a loss how to prevent Denial of Service attacks to port 25 and not block legitimate connections from 2 Barracuda 800(s) and block smart phones such as iPhones/Blackberrys/iPhones that use the server smtp.server.com for email.
Presently for port 25
RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT

The 2 Barracuda 800(s) make port 25 connections all the time, plus users with smart_phones have the incoming server type:
IMAP
pop.server.com
smtp.server.com

Is there a way to keep Denial of Service attacks from happening with iptables rules without causing blocking to the Barracuda(s) that make constant port 25 connections & smart phones that poll? I was thinking if I allowed the Barracuda(s) in these lines
-s (barracuda)24.xx.xx.xx -d (emailserver)24.00.xx.xx -p tcp -m tcp --dport 25 -m state --state NEW -j ACCEPT

Where the source would be the Barracuda going to the email server. It would be allowed, then I am left with how to allow other connections like Smart_Phones that connect via Port 25. I am thinking if I put rules in place doing connection counts in a minute it would result in errors connecting to the server and people would start complaining. Plus any limiting may result in blocking real traffic. Then would I need to allow the ISP range in the above example to accept port 25, I am still left with how to drop a flood/denial of service attack.


Ubuntu Security :: Error "port 22 Connection Refused" At Ssh Install

May 6, 2010

When I try to ssh into my other Ubuntu machine I get an error that says "port 22 connection refused". I have been hunting around for an answer but can't find any.


Ubuntu Security :: Ssh: Connect To Host "server" Port 22: Connection Timed Out

Jul 13, 2010

When I run:

ssh -v "login"@"server"

I get:

OpenSSH_5.3p1 Debian-3ubuntu4, OpenSSL 0.9.8k 25 Mar 2009
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to server ["address"] port 22.
debug1: connect to address "address" port 22: Connection timed out
ssh: connect to host "server" port 22: Connection timed out

I suppose this is because I am connecting from a public institute where there is a firewall that is blocking an outbound connection on port 22. Is there any way I can bypass the firewall using the internet?


Security :: Use To Track Security Incidents?

Oct 1, 2010

What do you use to track security incidents? Open source software that does this?


Debian Configuration :: Port (e.g. 1001) Has 20 Connections, So That The Next New Connection Is Forwarded To Another Port (e.g. 1002)?

Jul 15, 2011

I want that, if a port (e.g. 1001) has 20 connections, the next new connection is forwarded to another port (e.g. 1002).


Security :: Generate Passwords And To Store And Keep Track Of Them?

Jun 6, 2011

I have joined a number of websites over time and it seems harder to manage them. Would like advice on how to generate passwords and to store and keep track of them. I would like to hear of systems or programs that are good for this.


Security :: Track DDoS Attack On A Server?

Jan 25, 2011

How can I track a DoS and DDoS attack on a server? Does Linux have any good, known command-line utilities and log files to use in this way?


Red Hat / Fedora :: Netcat / Port Redirection - When A Connection Is Received On A Port Say 123?

Apr 6, 2010

I am running ncat (netcat's new version from nmap) on CentOS. I am listening on different ports. My question is: is it possible that when a connection is received on a port, say 123, I redirect this connection to a different port and use port 123 again for listening for connections? ncat has an option -k which you can add with -l; it will forcefully listen on the port. It can accept multiple connections on a single port, but I want that once a client connects to port 123, he is forwarded to some other port and is no longer on 123.


Ubuntu Security :: SSH Port Forwarding, Disable Or Edit A Forwarded Port?

Nov 1, 2010

sudo ssh -L 750:192.168.123.103:873 username@192.168.123.103

It does exactly what it's supposed to do, but how do I edit / remove this rule? Is there some config file where I can alter the forwarding? How does it get stored? I'm using Ubuntu 10.10 Server Edition (although I reckon it would be pretty much the same across all versions


Security :: Iptables: Verify Traffic On Port To Check If It Is Legitimate For That Port?

Apr 18, 2011

Is there any way to verify if packets being trafficked over a certain port are valid for the service you want to use this port for?

One obvious example that probably clarifies my question:
When I open port 443 (outgoing or incoming) for https/ssl traffic, I don't want this port to be used for say openvpn traffic.
Thus: when someone wants to surf to a website with https, it should be ok but if someone wants to connect to his home openvpn server over that same port, it should be blocked.


Security :: Port-bind Shellcodes Work With Port-forwarding?

Apr 27, 2011

I'll explain this in one sentence: Is it possible to program a port-binding shellcode which people across the Internet can connect to, without being thwarted by the router blocking their data because the port it's bound to doesn't allow port-forwarding?


Fedora Security :: Find A Tool To Track Configuration Files Changes?

Mar 30, 2009

I am trying to find the best tool to track configuration file changes. I did find some information about osec and mactime, but it seems that they are not included in the Fedora/RPM Fusion package databases. Is there any tool that can be installed as a package?


Networking :: Ethernet Port Connection With An E1/T1 Port

Aug 30, 2010

I have embedded hardware that uses bootp for booting from a Network Management Host (NMH) on the same Ethernet. The embedded hardware has both kinds of ports, i.e. Ethernet as well as E1/T1. I would like to ask what I require to establish a communication link between the embedded hardware and the NMH through the E1/T1 ports of the embedded hardware, so as to make it boot from E1/T1. Further, the NMH possesses only an Ethernet port. Just to refine my question, I'd like to know what additions I need to make on my NMH: maybe I have to add an E1/T1 port, or is it possible that the E1/T1 port can be directly connected to an Ethernet port on the other host?

Pardon me if I am not making absolute sense here, as my knowledge is limited on Layer 1 and Layer 2.


Security :: Track IPsec Module's Operations / Find Such A Log File - Entries In System?

Feb 25, 2009

How can I track IPsec module's operations? Can I find such a log file or entries in Linux?


Ubuntu Security :: Router - Port Forwarding And Network Security

Nov 11, 2010

As it stands I have a small home network operating behind my modem/router. Some of the ports on this are forwarded to my PS3 for gaming, but I was looking at forwarding some for my file server.

At the moment I've forwarded port xxx22 to port 22 on my server for SSH, for instance. And similarly 21 for FTP (although it doesn't seem to want to connect for any more than a few seconds using that). What I was thinking of doing was placing a small website for a handful of people to use on the server too and port forward again - xxx80 to 80. It works just fine but I'm a little concerned on the security front.

As I've moved the port to something different from the outside world, I'm presuming I will have already cut the potential for malicious folks to wander in, but is there anything else I should be doing? At the moment there's no firewall operating on the server, as it's usually hidden behind the modem/router. But if I open this thing up more permanently, what should I be doing? I've read a few articles on it but I'm always left with the overwhelming thought of "That's if there's no firewall in my router", as they just seem to do the same.


Ubuntu Multimedia :: Make An Audio Disc - Get : "Track 1.wav" Could Not Be Handled By Gstreamer

Apr 24, 2010

I use Ubuntu 9.04 and up until this week I could burn CDs using Brasero disc burner without incident. I have partially fixed the problem. I can now use Brasero to burn data discs that have wave files for the songs, but when I try to make an audio disc I get this: "Track 1.wav" could not be handled by Gstreamer. I used Synaptic and installed some more libs, but to no avail. Should I just install everything in Synaptic for Gstreamer?


Ubuntu Servers :: SSL Setup - Connection Error Unable To Make A Secure Connection To The Server

Feb 10, 2011

I am running an Ubuntu Server on a VirtualBox VM running on my windows machine. So I've created a self-signed certificate using the following tutorial: [URL]

From this tutorial I'm left with 3 files:
server.key
server.csr
server.crt

Then I found this very similar tutorial that has an extra bit on installing the certificates in Apache: [URL] So I followed its instructions, which boil down to this:

[Code]...

So I'm thinking this should work now. However, in Chrome I get: SSL connection error Unable to make a secure connection to the server. This may be a problem with the server, or it may be requiring a client authentication certificate that you don't have. Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error. IE8 gives me a typical "Internet Explorer cannot display the webpage". Note that [URL] fails while [URL] works fine, so it's definitely something in my SSL setup, I'm thinking.


OpenSUSE Network :: Can Make A Connection To Vpn Server, Connection Starts, But Nothing Happens?

Feb 2, 2010

I can make a connection to the VPN server, the connection starts, but nothing happens! My IP address remains the same as previously! There is nothing added to my KNetworkManager. I'm a beginner. I should use a pcf file for my VPN connection. I use it properly, I'm sure, because the connection starts and an icon is added to my panel and remains until I disconnect.

I checked it via ifconfig -a, the last part (which is for vpn) is:

Code:
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:141.213.169.76 P-t-P:141.213.169.76 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1390 Metric:1
RX packets:4 errors:0 dropped:0 overruns:0 frame:0


Fedora Security :: What Security Measures Should Be Taken To Make Box Little Less Vulnerable?

Apr 7, 2009

I'm just curious as to what security measures I should be taking to make my box a little less vulnerable. I'm still experimenting/playing with Linux, use the net, IM, download this and that, and was wondering how secure Fedora 10 was out of the box?


General :: Lpq Printer 'sdst@other.domain' - Cannot Open Connection - Connection Timed Out Make Sure LPD Server Is Running On The Server

Mar 23, 2011

Linux printing appeared to be working fine up until yesterday. Today typing lpq gives the following: lpq Printer 'sdst@other.domain' - cannot open connection - Connection timed out Make sure LPD server is running on the server

The /etc/cups/printers.conf file is properly set, the printers appear in localhost:631 and they are printing test pages. However, all command line print commands seem to be trying to print to sdst@other.domain. I don't know why printers.conf is being ignored and why and how sdst@other.domain was added. Seems like it might have been auto-discovered?

Edit: sdst@other.domain was mentioned in /usr/local/etc/lpd.conf. I'm not sure why lpd.conf is being used instead of /etc/cups/printers.conf


Networking :: Keep Some Port Out Of The Scope Of A VPN Connection ?

Oct 31, 2010

I have a server (192.168.1.9) in my network that is running an HTTP server on port 5000. This server port has been opened (on my router 192.168.1.1) to be available from my public IP (on port 80).

I have recently installed openvpn to connect to a vpn, but I'd like to keep my http server available from my public IP (no need to have it available to the VPN network).

I'm completely lost and I don't know where to start ...

Here are some details about the route configuration :

Code:


Networking :: SSH Connection Refused Port 22?

Mar 4, 2011

I get a connection refused error whenever I attempt to connect to a remote ssh server, I tried the test at and it says outbound ssh port 22 is not being blocked. I'm wondering what else could be the problem.


General :: Ssh Port 22 Connection Timed Out

Mar 21, 2011

I have two PCs, A and B; both are connected via LAN. PC A configuration is

IP Address 10.102.6.232
Broadcast Address 10.102.6.255
Subnet Mask 255.255.255.0
Default Route 10.102.6.2
Primary DNS 144.16.192.55
[Code]...

I am trying to connect to B from A using the command ssh -X devendra@144.16.205.236, and am facing an error like ssh port 22 connection timed out.


Networking :: How Can We Make Port 110 And 25 Packets Pass?

Feb 22, 2011

I've a strange situation in my network: PCs gatewayed to another network, then a proxy, then a firewall.

pcs --> router --> cloud --> router --> proxy --> switch <-- fw --> Internet
(router, proxy and fw are all connected by the switch)

Some months ago the situation was:

pcs --> router --> cloud --> router --> switch <-- fw --> Internet

There was a static route in the router that gatewayed the packets to the firewall, but that route has been deleted, and I cannot reinsert it because I don't have access to the routers, so we have to use a proxy to go to the Internet, and we have the configuration of all PCs (Windows XP) with the "proxy" fields filled in. The proxy has only one NIC gatewayed to the firewall, and Ubuntu and squid installed, but we have some problems:

1. We cannot use email, so how can we make port 110 and 25 packets pass?

2. Squid seems to slow things down, so can we uninstall it and route all the traffic directly to the firewall to speed up?


Ubuntu Networking :: Port 22:connection Refused With SSH

Dec 21, 2010

I'm having a port 22: connection refused problem with SSH. None of what I have read has been what I have been experiencing, so I figured I would post here. The worst that could happen is this gets completely ignored, or I am told that there is already a solution, that I missed it, and directed to it. Here is my problem:

I just learned how to ssh into my machine a few days ago. Everything has been running smoothly until I ran into a little problem: all of a sudden I can't connect anymore. I have sshd-server installed and updated. I have sshd turned on:

Code:
/sbin/service sshd start
And I even ran:

Code:
/etc/init.d/sshd start
Because I was told that it would start ssh from boot. Nothing has changed from today and yesterday and I haven't been having problems with port 22 being blocked.

I have also tried to ssh into the machine by the machine itself:

Code:
ssh <IP of machine>
with the same error.


Server :: Postfix Connection Refused (port 25)

Aug 7, 2010

I have just built a new Postfix open relay server to allow my ISP clients to send emails. During testing of the SMTP protocol, I can manage to send emails to my localhost; however, I can't send emails to other external mail servers. Below is a test to a Yahoo account.

Aug 7 15:03:55 mx2 postfix/smtp[4050]: connect to g.mx.mail.yahoo.com[98.137.54.238]: Connection refused (port 25)
Aug 7 15:03:55 mx2 postfix/smtp[4050]: F084EC8D76: to=<ellyu4@yahoo.com>, relay=none, delay=8.5, delays=1.2/0.05/7.3/0, dsn=4.4.1, status=deferred (connect to g.mx.mail.yahoo.com[98.137.54.238]: Connection refused)

[Code]....








Copyrights 2005-15 www.BigResource.com, All rights reserved