Ubuntu Security :: Unable To Block Icmp Requests Permanently

Apr 30, 2010

I've tried blocking ping requests with iptables, and it didn't work.

Quote:
iptables -A INPUT -p icmp --icmp-type echo-request -j DROP

I also tried editing sysctl.conf, which worked perfectly, but after I restarted the system I was able to ping my Ubuntu machine from my lappy. Here is what I added to sysctl.conf and then executed with sysctl -p:

Quote:
net.ipv4.icmp_echo_ignore_all = 1

Here is another attempt to block. This one worked too, but again after the restart I was able to ping my machine.

Quote:
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all

Ubuntu Security :: UFW Block ICMP When Add Non ICMP Related Rule

May 21, 2011

I am setting up a virtual server. Ubuntu 11.04, "minimal provider image". UFW was disabled by default. I set it to default deny. Allowed HTTP, SSH and other standard stuff, and enabled it. All seems to be OK. Adding one rule to block some annoying security scanners causes ping not to work. I'm not an iptables expert, but it looks OK to me. I got it from some website, rather than inventing it myself, but modified it to fit the ufw config file syntax. What in that rule prevents pings?!? It seems completely unrelated.

Ubuntu Security :: Configure Ufw To Drop Icmp Echo Requests?

Jul 12, 2010

I've been trying to configure ufw to drop ping requests for a couple days now, and I can't figure it out. I've tried a couple different methods in some different guides, still nothing. Anyone know how to do this?

Security :: Suspicious Requests In Haproxy Log From Multiple Sources To The Same Target - Block?

Apr 12, 2011

I have suspicious requests in my haproxy logs from multiple sources to the same target. I could deny them in /etc/hosts.deny, but there are too many to keep track of. Is there a way to deny all requests to a specific target either in haproxy or through iptables?

Here's an example of the request: Apr 12 15:11:37 127.0.0.1 haproxy[28672]: 41.105.42.150:27072 [12/Apr/2011:15:11:37.315] web_servers frontend_farm/######## 3/0/1/1/169 404 1073 - - --NI 3/3/2/1/0 0/0 "GET /images/comment_icon.gif HTTP/1.1"

I've commented out my amazon instance id for security purposes. The request is for comment_icon.gif which does not exist. All requests go to that. The source IPs are from different countries as well. Blocking a certain country won't work either. Basically, if there was a way to send all requests for comment_icon.gif to /dev/null or something it would work.

Networking :: Possible To Block ICMP To Particular Machine?

Jan 12, 2010

I have one server which has IP 10.176.0.155. I want client 10.176.0.135 to be unable to ping this server only. Is it possible to block it through hosts?

Ubuntu Networking :: Server Block ICMP By Default?

Jan 8, 2011

Installed Ubuntu Server 10.10, included Apache, PHP, and OpenSSH. Apache is up and serving pages, and I can connect using PuTTY with no problem. The server responds to a ping. However, attempting to use ping or traceroute from the server results in a Destination Unreachable. This happens even for other 192.168.1.10x boxes on the local network.

SUSE / Novell :: Write IPTABLES Script To Block The ICMP Ping?

Mar 13, 2010

I was trying to write an IPTABLES script to block ICMP ping using the command below in OpenSUSE 11.2. Doing this in VMware.

iptables -A OUTPUT -o eth0 -p icmp -j DROP

Then I tried to ping a different computer and it didn't allow me to ping.
Then I deleted the rule using the command:

iptables -D OUTPUT -o eth0 -p icmp -j DROP

Then I couldn't ping either. Another thing I found is that my Firefox is not connecting to the internet as well, but before writing the script, I could connect to the internet.

I did a "dhclient" & iptables -F....

OpenSUSE Network :: Block HTTP Requests From Other Computers?

May 30, 2011

My computer shares an internet connection using an ADSL router. There are three other machines. I have set up an Apache server for learning purposes and I want it to be inaccessible from anywhere else, including the PCs in the network. When I enter my IP address assigned in the network (192.168.1.1xx) from another computer, I get my pages and I don't want that.

How can I block HTTP requests from other computers?

Server :: Use Iptables To Block Multiple Requests From The Same Ip Within A Certain Time Frame?

Oct 17, 2010

I run a small home server (Debian 4), which acts as my gateway to the internet (ie, firewall) and runs a web server, dhcp, dns, and acts as a file server to the rest of the machines on my home network. Now I know it's never a smart idea to have all those services running on the same machine that is acting as a firewall, but I don't fancy running multiple servers just for home use, as it's mainly allowing me to learn system administration.

I noticed a few days ago that my internet had become unbearably slow, to the point where I could sometimes not load web pages. I spent a while searching through log files on my gateway, to try and find out what was eating up all of my bandwidth. When I came to apache's access.log file, I was confronted with this:

Code:

204.45.41.82 - - [17/Oct/2010:06:25:10 +0100] "GET http://vewice6.nightmail.ru/marriott-grand-cayma.html HTTP/1.1" 200 36921 "-" "Mozilla/4.0 (compatible; M$
204.45.41.82 - - [17/Oct/2010:06:25:11 +0100] "GET http://malaysiapodcaster.blogspot.com/2006/05/blog-post_11.html HTTP/1.1" 200 58681 "-" "Mozilla/4.0 (com$

[code]........

Multiple requests to my server, for totally random websites. I didn't even know it was possible to make those types of queries to a webserver. The only thing that is on the web server is a browser based torrent client. I have only shown a small snippet of the log file, but there are around 90k lines to different web addresses, from many different IPs. What I want to know is, what is happening? :S Why is someone querying MY web server for web sites totally unrelated to it? And most of all, how can I stop it? My initial thought was to try and use iptables to block multiple requests from the same IP within a certain time frame, which I think would work as the server shouldn't really get many queries from external networks.

CentOS 5 :: Block YUM From Installing A Package Permanently?

Apr 12, 2011

I'm a java developer that must use the official JDK distribution. We tried using the open version and it gave us problems. We run the same java in DEV as we do in PRO.

OpenOffice INSISTS -- CANNOT LIVE WITHOUT -- the openjdk... EVERY TIME I try to update, it wants to install that package!

Is there a way that I can block the system from installing a package? Maybe I could just tell people to do --skip-broken with all their upgrade commands, because I disabled that package somehow? Anyone know how to do this?

Server :: Permanently Block Access To Email From Japan?

Oct 30, 2010

I run my own home server using OpenSuse 11.1. Everything is set up using apache, php, etc., and it all works perfectly, but now I need to use my own email server for the Dolphin social networking software, so that when someone registers, the email server sends out registration confirmation emails. So I set up postfix, yeah right!!! Even though I followed all instructions to set postfix as a closed relay, a test done at the mxtoolbox site still said it was an open relay. While I was trying to set up postfix, my access to the server slowed down, and my server's drive light was constantly active. When I looked at the mail queue, I saw 4000+ emails, all from Japan (hinen.net), so I promptly shut down postfix and used postsuper -d ALL in the command console to delete the queue. But no matter how I tried, I couldn't configure postfix as a closed relay, so I uninstalled it and installed sendmail, and using webmin, I could use a spam list and block the domain. Now, sendmail's test at mxtools shows as a closed relay. I can't even send out a test email using smtp auth, but disabling auth, I can. But now my IP is blocked at spam cop and spamhaus, and gmail's server says my IP is not authorized to send to their servers, but to use my ISP relay instead. But my ISP doesn't have a relay, hence the need to run my own email server.

My home server uses a double layer firewall: a hardware firewall between the internet and the server, and a software firewall on the server. I only allow the ports I need, i.e., 80 = http, 443 = https, 20/21 = ftp, 25 = smtp, 110 = pop3, and that's all. For any other internal access from my workstation to the server, using ssh, I only open the ports on the server firewall. If someone here has a great deal of knowledge on sendmail, and can set up an M4 (linux.mc) config file for me, it would be much appreciated. What I would like my email server to do is to only allow the sending of emails from inside its own server system, i.e., when a php script sends an email to the server, then the email server would let it through, but anything else, outside the local network, is ignored.

Security :: How To Enable ICMP Ping For One Host Only

Dec 9, 2010

I need to allow ICMP ping for one host only. I found out how to enable it to all hosts (ICMP Filtering, check ping) but I would like to reduce the scope to one host. I know I can add rules in the user_post script but I can't find the correct iptables command ...

Security :: Iptables - Logging All Protocols - Not Just Tcp - Udp - Icmp

Jun 21, 2010

Brief overview of my current setup:

Code:

The ip_blacklist chain is used to immediately drop any traffic from specified address ranges, while the tcp_, udp_, and icmp_packets chains contain rules for further processing of those protocols. The last rule in each of the latter three chains drops all packets that didn't match any rules above it; so tcp, udp, and icmp packets should NOT get caught by the default INPUT policy (DROP). The goal of the last rule on the INPUT chain is to then log any packets that are picked up by the default policy. However, it's not working.

I can tell that there are packets being picked off by the default policy because the counters are being incremented, but nothing is logged by that last rule. My conclusion is that it's only looking for tcp, udp, and icmp packets and ignoring everything else.

How to get iptables to log all the other protocols (or whatever is being caught by the default policy)?

Security :: Racoon And Plain ICMP Packets?

Apr 6, 2011

I have configured racoon (ipsec tunnel) between 2 hosts and I am afraid of unencrypted ICMP which appears in TCPDUMP logs. There are also encrypted ESP packets. Is this the result of a wrong racoon configuration?
172.16.220.133

Code:
[root@localhost ~]# cat /etc/racoon/racoon.conf
# racoon.conf
path pre_shared_key "/etc/racoon/psk.txt" ;
remote anonymous

[Code]...

Ubuntu Security :: Suppressing Requests For Password?

Jul 11, 2010

I use Ubuntu 10.04 and I want to be able to move around the system without having to frequently enter my password. For example, when waking up the system from a power save state or when accessing Synaptic Package Manager I do not want to be asked to enter my password. There is nothing on my system that matters if its security is breached. Is there a way to turn off these requests for a password?

Ubuntu Security :: Does Tor Browser Use Dns Requests From The Tor Network

Mar 1, 2011

OK, I think Tor has some way of making the DNS queries anonymous by default. I did the DNS nameserver spoofability test here at [URL] and the results I got showed about 30 different DNS servers. Normally when I carry out this test on my standard ISP connection or the VPN I use I just get one DNS server's settings consistently.

Security :: Strange Nfs Mount Requests From F14 Box?

May 28, 2011

I've lately been getting some strange nfs mount requests for non-existent users' home directories on a F14 machine to my file server (CentOS). The message log on the file server shows the following:

May 23 03:10:53 data mountd[4835]: can't stat exported dir /export/home/httpd: No such file or directory
May 24 03:21:13 data mountd[4835]: can't stat exported dir /export/home/httpd: No such file or directory
May 25 03:26:53 data mountd[4835]: can't stat exported dir /export/home/httpd: No such file or directory

[code]....

Ubuntu Security :: The Requests Are Listed In The Order In Which They Appear On The Stats Page?

Apr 13, 2011

Below is the print out of requests, with the website address "#.com". The requests are listed in the order in which they appear on the stats page. What does it mean?:

Code:
#.com/
#.com/?Mode=debug

[code]....

OpenSUSE :: Traceroute Broken In 11.4 - Unable To Create ICMP Send Socket: Permission Denied?

Apr 5, 2011

Code:
# traceroute -I 69.12.32.2
Note: the -i and -I options were exchanged for compability with LBL traceroute
Use -I for ICMP, and -i <ifname> to specify the interface name
unable to create ICMP send socket: Permission denied

Note that the command was done as root. This worked in 11.3.

And yes, it works without the "-I". But it should work with the "-I". One shouldn't have to boot into Windows, just to run "tracert" there.

Security :: Robots For Phpmyadmin - Create Multiple Wrong Page Requests?

Nov 19, 2010

In my logs for Apache I have lots and lots of failed attempts for incorrect incarnations of [URL]. None of them are anywhere near my alias for the index.php but yet phpmyadmin is broken. Is there a way I can mess up robots like this? Send IPs that create multiple wrong page requests on my server back to their own IP address maybe? I would then just set thresholds to decide how strict to be. I did try fail-to-ban before but it is cryptic. I don't have it on this particular server.

Fedora :: Unable To See Any IGMP Requests From IP Address

May 17, 2010

I am trying to send a multicast stream out from a Windows XP computer to my FC12 computer. I am using VLC for both the stream and the receive end of the process. Its version is 1.1.0-pre1 if that helps. As of right now I've used Wireshark to detect network packets, and I am unable to see any IGMP requests from the Fedora's IP address, whereas when I try to initialize a receiving stream on my Windows XP computer, I can see IGMP packets where appropriate. So the issue clearly lies with either VLC in Fedora, or Fedora itself, but I can't figure out how to narrow it down any further.

If it helps, I AM able to stream FROM my Fedora computer TO my Windows computer. Additionally, I am UNABLE to stream from my Fedora computer back to my Fedora computer (locally), despite being able to do that on the Windows side.

Security :: How To Disable The Iptables Permanently

Mar 5, 2011

I am using Fedora. I want to disable Linux iptables permanently. Normally when I reboot my PC the iptables service is on. How can I keep it disabled even when I reboot the PC?

Security :: Blocking Ips Permanently And Throwing Away The Keys

Sep 22, 2010

I want to block some ips permanently ie. even I as the root user cannot unblock these ips without having to format the whole system.

So i thought if some blocking software provided passwords for editing rules and I put a 'junk' password there and so that I can't delete the rules without the 'junk' password which I don't know.

So I examined iptables and I saw that it is a kernel module so there is no use of that since I can probably throw it away.

But the basic question is to block ips and gulp the key.

Server :: Unable To Permanently Mount Samba Share

Nov 13, 2010

My samba server is working properly but I want to mount it permanently on a Linux (Red Hat) client. I have tried /etc/fstab and also the autofs service but both are not working for me.

1. /etc/fstab: I made the following entry in it:

//192.168.0.254/myshare /temp smbfs credentials=/root/pass 0 0

When I use the command mount -a it shows "unknown filesystem smbfs". Why is this so?

2. using autofs

my auto.master file is shown below

#
# $Id: auto.master,v 1.4 2005/01/04 14:36:54 raven Exp $
#
# Sample auto.master file

[code]....

Ubuntu Security :: Block Incoming URL In 8.10?

Jun 17, 2010

I'm trying to block an incoming URL. My ISP is hijacking 404 pages and annoyingly changing the URL line in the browser and flashing all sorts of popup ads. I just need it for incoming URLs which my router doesn't seem to handle. I'd prefer something packaged with Ubuntu 8.04, but anything simple will do. I know in KDE I could edit the kdeglobals file with:

[KDE URL Restrictions]
rule_1=open,,,,[URL],,false
rule_count=1

Ubuntu Security :: Block Pinging With GUFW?

Jan 25, 2010

I did one of the recommended port scans and all ports passed but failed on pinging. How do you turn pinging on & off with GUFW?

Ubuntu Security :: How To Block Subdomain Of Any Site

Mar 26, 2010

My question is how to block a subdomain of a site. To make it as clear as possible, I'll give an example. I am regularly entering this arbitrary site [URL] which redirects me to this page [URL] and this index.html takes an image from a subdomain which is a subfolder of itself, that is: [URL]. What I am asking is blocking the images to be taken, but not the main page itself, i.e. to block www.somesite.abc/images/ without blocking the overall www.somesite.abc.

My idea was to use the /etc/hosts file by redirecting to loopback address:
Code:
127.0.0.1 www.somesite.abc/images
But it looks as if it doesn't affect things at all. Should I use it another way? Maybe modifying /etc/hosts.deny would be useful?

Ubuntu Security :: Firewall Does Not Block Tor Connections

Oct 2, 2010

I have noticed an interesting problem. I use two browsers, Firefox and Konqueror. Konqueror is configured to use Tor, Firefox is not. Using Gufw I block all incoming and outgoing traffic and it works while using Firefox; I mean that I can't view any www site and that is OK. But if I use Konqueror I can establish any connection. How should I understand this? Should I have a different firewall while using Tor?

Ubuntu Security :: How To Block The HTTPS Sites

Jun 17, 2011

I want to block https sites. If I block http, the site opens in https.

Ubuntu Security :: Can To Write Block All But NOT Rule For UFW?

Jul 23, 2011

For example, can I write something to the effect: block all outbound UDP connections over port 53 except those going to IP 123.456.789. Or stated another way: Block outbound to port 53/udp NOT going to IP address 123.454.678. Is it possible to do this? How would I write the argument?







Copyrights 2005-15 www.BigResource.com, All rights reserved