Ubuntu Security :: Denyhosts Keeps Blocking External Ip

Oct 31, 2010

I've been using Deny Hosts for a couple of years now without trouble. My router forwards SSH calls to host tock on my LAN. My router's internet hostname is michigan. I keep an svn repository on tock and access it through michigan. In this way I can update my repository when I'm at home or away.Just today, however, whenever I try any ssh to michigan, I get a closed connection and find michigan in my hosts.deny file. I delete it, make a successful connection, but then on my next attempt - there I am in the hosts.deny file again.

I've worked around it by putting michigan into my hosts.allow file, but I would really like to know what's going on. I've configured Hosts Deny to lock out IPs after three failed attempts, but it is locking out michigan after one successful connection.

View 3 Replies


ADVERTISEMENT

Software :: Denyhosts Blocking Router IP?

Jul 9, 2010

I've been using the denyhosts software for about 8 months to block IPs that are trying to connect to my network that shouldn't be. I'm having trouble with it today for the first time and I can't track down the issue.It is installed on the main server which is the outside IP for the network as well. This should allow me to SSH to the hostname/network IP, or the NAT IP as well. It worked fine up until this morning when I started to work on an ftp server, as far as I know I didn't make any changes that should cause problems.

hosts.deny starts with no 192.x.x.x addresses in it. In allowed-hosts for denyhosts I have entered 192.168.1.1 so that the router should never get blocked.I can SSH to the hostname perfectly fine, connection doesn't drop or anything.If I SSH to the NAT address the connection hangs there while the IP address gets added to hosts.denyI can confirm 100% that I was able to SSH to my NAT from within the network with no problem, now it seems to throw the router IP into hosts.deny if I try to connect from within the network using the NAT.Here is the error that I get in /var/log/securesshd[9272]:d not receive identification string from 192.168.1.1I did update my system recently which may have changed the way some files behave, I will try updating Denyhosts as well. It looked like the address being blocked was an IPv6 since it was showing as:sshd[9201]: refused connect from ::ffff:192.168.1.1 (::ffff:192.168.1.1)

View 1 Replies View Related

Security :: Denyhosts Kicked Out Of Server?

Aug 31, 2010

So I installed denyhosts on my system and I ssh to it fine. Then all of a sudden I got an email saying my ip was added to the /etc/hosts.deny file.I have no clue why. I did not fail the login. So I had an open session and put it in the /etc/hosts.allow file and tried to ssh back in no problem.Then I logged out and all of a sudden I got the email saying my ip was added to the hosts.deny again. Now I am kicked out of the system..

I am guessing I cannot get back in until I get to the console and remove it. I can power on and off the system remotely but I enabled the chkconfig denyhosts on option so it starts on reboot. No remote console is setup.So it looks like I am hozed until I can get to the console, bummer as I was trying to set up a spacewalk server on it. I cannot get to the console for a few days so if anyone has ideas how I can get back in let me know. But denyhosts seems to be working as designed.

This was a default install I did not configure anything funky. Just changed the email to root and started it.I thought about changing my client IP but that wont work as I only have ssh passed on my router to that IP so if I change the client IP I wont get into my routing machine.I think i answered my own question but just thought I would askI guess my real question is why would denyhosts block my IP when the login did not fail and how do i configure it so this does not happen again.

View 8 Replies View Related

Ubuntu Security :: Denyhosts Working \ First Time Adding Lots Of Ips To The Hosts.deny?

May 16, 2011

I just set up denyhosts and it worked properly the first time adding lots of ips to the hosts.deny.I then set it to run every 12 hours noon and midnight.I wanted to see if ran properly and I got all this.Does it look like its working?

Code:
May 15 12:00:01 hyrule CRON[14286]: (root) CMD (python /usr/share/denyhosts/denyhosts_ctl.py -c /usr/share/denyhosts/denyhosts.cfg )

[code]...

View 4 Replies View Related

Ubuntu Security :: How To Check What The UFW Is Blocking

Mar 26, 2010

I can see what Firestarter is blocking in the Firestarter/Events tab, but after reading all the man pages of UFW, I still don't know how to check what the UFW is blocking.

View 9 Replies View Related

Ubuntu Security :: Ufw Not Blocking Ports?

Apr 1, 2010

After reading a lot about networking and security I decided to check the security of my own ubuntu box. So I went installing Nmap and discovered that port 139 was "open". Since I 'd read how to use ufw I created a deny rule for port 139. After a second scan with Nmap it still said that port 139 was open as shown below.

[Code]...

View 9 Replies View Related

Ubuntu Security :: Firestarter Keeps Blocking Ip's?

Mar 8, 2011

im having a bit of a problem with Firestarter, i have Transmission opened and i am downloading a movie but when i check Firestarter i see hundreds and hundreds of Ip's that are blocked, and like 10ip's every second that get blocked.

[Code].....

View 2 Replies View Related

Ubuntu Security :: Ufw Is Blocking Some Port 80 And Should Not?

Apr 15, 2011

I have the default to deny all. The only rule I have in there is:

Code:
To Action From
-- ------ ----

[code]....

View 4 Replies View Related

Ubuntu Security :: UFW Is Blocking Connections Even Though It's Set To Allow For In/Out

Aug 1, 2011

I might be misunderstanding the log but it looks like UFW is blocking connections. I want to allow all incoming and outgoing. I guess what I'm saying is that the servers on my computer will open ports but all other ports should respond with closed just like a default Ubuntu install. Trying to use UFW to monitor connections without really doing any firewalling.

Code:
Aug 1 07:14:07 universal-mechanism kernel: [311111.963762] [UFW BLOCK] IN=eth0 OUT= MAC=00:1f:c6:8a:e9:66:00:01:5c:32:f4:c1:08:00 SRC=72.21.203.146 DST=174.44.178.56 LEN=40 TOS=0x00 PREC=0x00 TTL=233 ID=51984 DF PROTO=TCP SPT=80 DPT=54466 WINDOW=8201 RES=0x00 RST URGP=0

View 2 Replies View Related

Ubuntu Security :: Mobloquer Blocking Outgoing Connections?

Jan 18, 2010

Mobloquer starts up at boot and before I've even opened firefox or transmission or anything, mobloquer shows that is has started blocking several outgoing connections as well as ton of incoming connections. I was wondering if the outgoing connections is normal and what's a normal amount of network activity to show up in system monitor when I'm not actively using the internet.

View 2 Replies View Related

Security :: Blocking Web Content With Iptables?

Aug 8, 2010

Is possible blocking web with content for adults with iptables?

View 3 Replies View Related

Security :: Logging/Blocking LAN Traffic?

Apr 26, 2010

Where I work we have a lan, it is almost 100% windows machines except for 2 CentOS machines in which some clients connect to, via VPN. (very small network, <50 ip's used)

I would like to know if there is a way to block access from that machines to others in the network. I'm already logging traffic (with IPTraff) to see if they're accessing other machines in the network others than the ones they should connect.

View 7 Replies View Related

Security :: Red Hat SeLinux Is Blocking Ssh And Http?

Feb 3, 2011

When I turn on my SeLinux to enforcing mode on my Red Hat system ssh stops working and my http server stops responding.

I went into the SeLinux GUI and enabled things in there but still it wont work.

Any thoughts on what to check?

permissive mode and disabled they work

I read several articles that say it should not be affect by SeLinux and the setting look correct but the only thing I do is turn on SeLinux and ssh /httpd stop working

ps -eZ | grep sshd
system_u:system_r:unconfined_t:SystemLow-SystemHigh 432 ? 00:00:00 sshd
system_u:system_r:unconfined_t:SystemLow-SystemHigh 2426 ? 00:00:00 sshd
[root@goxsa1340 ~]# ps -eZ | grep httpd
user_u:system_r:httpd_t 3044 ? 00:00:00 httpd

[Code].....

View 11 Replies View Related

Fedora Security :: SELinux Is Blocking Ipod?

Jul 8, 2009

I am running Fedora 11 and every time i plug in my iPod it tells me... SELinux is preventing mkdir (podsleuth_t) "read" security_t ... I have no idea on how to create a policy module to allow access.

View 2 Replies View Related

Fedora Security :: Web Site Blocking For Particular User

Apr 14, 2010

In fedora 12 how can i configure the system such that a particular user can browse only selected web sites.

View 9 Replies View Related

Fedora Security :: Blocking And Allowing IP Address For FTP?

Jul 15, 2010

I want to ask about securing the FTP connection... I have one server that Installed with Redhat Linux Fedora 6.

And now, i want to securing the FTP access, so only the selected IP will be allowed to connect. Do anyone know how to do this?

Another thing is, my server using Webmin 1.3 to manage the server and there not installed / not configured yet with Frox FTP, ProFTPD Server, WU-FTP Server... even there is such thing in my Webmin...

Can i make use one of the three FTP i mention above, and if yes, will it be affecting the current FTP access?

View 1 Replies View Related

Fedora Security :: Blocking Ip Address Range?

Dec 31, 2010

I'm assuming that the following should block the complete 178.123.xxx.xxx address range.

Code:
iptables -I INPUT -s 178.123.0.0/24 -j DROP
Then I believe that I need to save this change.

Code:
service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]

However, I'm not so sure that it is actually working based on the fact that there continues to be access to my wiki from that address range. The following is after I made the firewall change.

Quote:

178.123.177.61 - - [31/Dec/2010:04:24:40 -0500] "GET /mywiki/Opera%20Web%20Browser?action=edit&editor=text HTTP/1.1" 200 6346 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
code....

Let me state that I'm new at this iptables thing. I did some reading and decided that I need to make the above change to the firewall but it doesn't seem to make a difference.

View 12 Replies View Related

Fedora Security :: SEL Is Blocking Xauthority File?

Aug 8, 2011

since I upgraded to F15 I noticed that "su -l" is very slow, it takes about 20sec before it gives the prompt. I traced it down to a problem with "xauth" as su asks for the authorization for the display running "xauth nlist :0" which times out with an error. Actually, the command "xauth nlist :0" by itself gives:
xauth: timeout in locking authority file /home/user/.kde/tmp-host.domain/xauth-200-_0

If I put SELinux in permissive mode both command work without problem so I suppose SEL is the problem. I checked the permissions and settings of the file which is "unconfined_u:object_r:config_home_t:s0" but I have no idea if this is the right value, running "restorecon" on the file, directory or the whole /home/user didn't change anything.

View 4 Replies View Related

Security :: Blocking A Specific IP Address From Server?

May 8, 2010

I would like to COMPLETELY block a specific IP address using iptables. I found this one:

Code:

iptables -A INPUT -p tcp -s xxx.xxx.xxx.xxx -j REJECT --reject-with tcp-reset

Will this work? How do I undo the changes later?

View 2 Replies View Related

Security :: Blocking An Ip Address Range Within Iptables?

Mar 30, 2009

I am setting up a iptables firewall on one of our servers, and I would like to block a range of addresses from getting into the system. I am using a script that does a BLACKIN and BLACKOUT methodology for specific addresses. One example is the following:

Code:

$IPTABLES -A BLACKIN -s 202.109.114.147 -j DROP
...
$IPTABLES -A BLACKOUT -d 202.109.114.117 -j DROP

What would be the correct syntax to use if I wanted to block an entire remote subnet from getting into the server?

View 4 Replies View Related

Security :: Blocking Ips Permanently And Throwing Away The Keys

Sep 22, 2010

I want to block some ips permanently ie. even I as the root user cannot unblock these ips without having to format the whole system.

So i thought if some blocking software provided passwords for editing rules and I put a 'junk' password there and so that I can't delete the rules without the 'junk' password which I don't know.

So I examined iptables and I saw that it is a kernel module so there is no use of that since I can probably throw it away.

But the basic question is to block ips and gulp the key.

View 5 Replies View Related

Security :: Blocking Users Who Are Not Defined In DNS Record

Jul 29, 2010

In our organization we use Static IP addressing scheme(Some departments have DHCP which is not related to this thread). We use Squid as proxy.

We assign each machine its IP address and make entry in our TinyDNS database, and provide those details to users, which they manually enter in their config and then access the network. We assign different range of IPs to different departments. This we consider as the "proper way" for our organization.

But we have found that lot many users are simply guessing some IPs and using them without having any entry in our DNS record. Though this works for some, most of the time we end up having IP conflicts and disorganization in our organizational allocation policy.

So, my question is, How do I block the specific IPs whose entry is not explicitly defined in our DNS record. In other word if the IP 192.168.20.15(lets say he is jack.ourorganization.com) is defined in our DNS, we should allow access... where as if IP 192.168.20.16(this does not translate to any user as it is not defined in our DNS) is not defined in our DNS we should not allow it access to our network.

View 6 Replies View Related

Security :: IPTables Setup Blocking SSH Traffic

Feb 11, 2011

I set up iptables but it is blocking my SSH set up. I did allow it by opening port 22 but it did not work. Here is my config:

Code:
iptables -F
iptables -P OUTPUT ACCEPT
iptables -P INPUT DROP
iptables -P FORWARD DROP

### this should allow SSH traffic
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

How do you allow SSH through the iptables firewall?

View 5 Replies View Related

Fedora Security :: SElinux Is Blocking My Internet Connection

Mar 15, 2009

SElinux is blocking my internet connection and every time when I connect t the internet (pppoe connection) I ge message.

View 2 Replies View Related

Security :: Blocking Local Webserver For Internal Clients?

Sep 18, 2009

I've small issue with blocking local clients. I mean I've webserver that I want to allow limited number to clients to that let say I've 10 users from 10.5.1.1-10 I would like to block 1-9 and allow only last client to access that webserver . Ive tried the following

Code:

iptables -A -p tcp -i eth1 -d 10.1.1.14 -s ! 10.5.1.10 -j REJECT
iptables -A INPUT -p tcp -d 10.1.1.14 -i eth1 -s ! 10.5.1.10 -j DROP

View 1 Replies View Related

Security :: Blocking Program Access To Clipboard Data?

Feb 9, 2011

I'm running a program called Synergy+ to let my keyboard and mouse control multiple computers. One of Synergy+'s features is that clipboard (copy-paste) data is able to be shared, as in copy on one machine, paste onto another. I would like this functionality removed but Synergy+ has no way to disable it. I'm looking for any ideas to block clipboard data from being transferred. Is there a way to block a program from accessing the machine's clipboard data?

View 5 Replies View Related

Security :: CentOS 5.5 Upgrade - IPTables SSH Auto Blocking

Jun 6, 2011

I have a fiberoptic broadband 20MB synchronous pipe at my home. Over summer at my place of employment its pretty much dead for 3 months so when I'm not busy I play around on my home server. I have my 20mb pipe going directly into my wrt54gl, from there I have a wired connection going to my server (Centos 5.3 recently upgraded to 5.5 through updates.) It serves as a file server(Samba, SSH). My wrt54gl handles natting port 22 to my server. I have my wireless AP setup to hand out leases from .2-.20 and my server has a static of .100. Dyndns.org handles my name resolution via their free account method.

I have a Mac Pro, iMac, Macbook, and a Toshiba Laptop with 64bit 7 running off wireless along with our cell phones, and my XBOX 360 also is wired directly for the gaming speed. I use all of the computers around my home to access the samba shares via unc path for file sharing and or working on projects. I had originally planned to upgrade the wrt54gl with a cisco e3200 or an e3000 but unfortunately I've come to find out dyndns and the e lines of cisco wireless AP's dont work with dyndns and get banned. So I would have to install the daemon on my server and put it as a directly connected server to my WAN link and install a second ethernet card and pass traffic through my server for the rest of my home which I am not going to do.

All of the previous sentence because it would update dyndns with a 192.168.x.x address since its not directly connected. I use a combination of putty.exe and vnc viewer to tunnel 5900 through port 22 to my server. So from anywhere I am at I can access my screen securely and then rdp or vnc to the desktop of my local LAN computers. This allows me to only have port 22 open. I've been looking at my ssh logs and noticed I have been getting hit alot with ssh scans. I want to implement an iptables firewall on my linux machine just for the purpose of further securing port 22. I dont necessarily need natting on the iptables firewall but all I need is ssh in and out, web in, and samba out to local ip's only.

For SSH this is what I want. I want to allow SSH from any IP but if it tries to login more than 3 times in one minute I want to block that IP for a full minute before it can try 3 more attempts. I also would like log to a file but have been having issues getting that to work as well. That way when I review logs and I see that an ip tries three times and then waits a minute and tries three more, etc... I can permanently block that ip or range of ip's by adding it to the iptables script. Here is my current iptables script and it doesnt seem to be working for me. I have played with this and read for almost two weeks and still cannot get it to work correctly.

Code:
#!/bin/bash
# In order to use this iptables firewall script you must have iptables installed. You also must be using a 2.4.x series Kernel, with iptables suppport compiled into it, which is standard for most newer linux distributions.
# If you need help compiling iptables into your kernel, please see our kernel Compile/Upgrade Guide located at [URL]
# Once the script has been edited with all your relevant information (IP's Network Interfaces, etc..) simply make the script executable and run it as root.
# chmod 700 fw_rules.sh
# ./fw_rules.sh .....

# Our final trap. Everything on INPUT goes to the dropwall
# So we don't get silent drops.
$IPT -A INPUT -j dropwall

View 3 Replies View Related

Ubuntu Security :: Blocking Linhost274.prod.mesa1.secureserver.net From Accessing Machine

Feb 3, 2011

I am trying to keep linhost274.prod.mesa1.secureserver.net (IP 208.109.14.77) from accessing my machine. Several times per evening (as far as I see) it connects to my machine, each time on a different port, and pushes up data transfer. I can't find what it does, it just pushes a GB or more over the line and then stops. I try to keep it out with UFW:

[Code]...

View 6 Replies View Related

Fedora Security :: SELinux Blocking Sshd Access To Shadow?

Mar 6, 2010

I'm trying to setup ssh access on my Fedora 12 laptop. I get the following error message in /var/log/secure when I try to login from another machine using ssh and the login is denied:

Code:

sshd[3025]: error: Could not get shadow information for <user>
sshd[3025]: Failed password for <user> from <ip> port <port> ssh2

If I do a 'setenforce 0' I can login and no error is logged.

View 10 Replies View Related

Security :: Debian 6: Iptables Blocking Certain IP Ranges On A Certain Port Range?

May 16, 2011

I am currently running Debian 6. I would like to know if there is a way and how i would go about blocking a certain IP range from connecting to my server within a certain port range. Say for example.

i want to block ip range 123.123.123.* from connecting to my server on the ports 33000 - 43000. But, i want to allow them to connect on any other port range, and i want to be able to allow connections from my server to the blocked ip range on those same ports. so, blocking incoming only on the above port range.

using iptables.

View 1 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved