Bruteforce attack on my pc Post: 302140692

Sponsored Content

Top Forums UNIX for Dummies Questions & Answers Bruteforce attack on my pc Post 302140692 by rdns on Monday 15th of October 2007 01:39:00 PM

10-15-2007

Registered User

thanks! cbkihong,

i'm willing to change the sshd port
meanwhile i'm learning on IPFW and managed to get IPFW up

but while configuring the rules, I stucked at here:

Quote:

############### start of example ipfw rules script #############
#
ipfw -q -f flush # Delete all rules
# Set defaults
oif="tun0" # out interface
odns="192.0.2.11" # ISP's DNS server IP address
cmd="ipfw -q add " # build rule prefix
ks="keep-state" # just too lazy to key this each time
$cmd 00500 check-state
$cmd 00502 deny all from any to any frag
$cmd 00501 deny tcp from any to any established
$cmd 00600 allow tcp from any to any 80 out via $oif setup $ks
$cmd 00610 allow tcp from any to $odns 53 out via $oif setup $ks
$cmd 00611 allow udp from any to $odns 53 out via $oif $ks
################### End of example ipfw rules script ############

this is /etc/ipfw.rules script sourced at IPFW

just a simple question:
do i need to change

Quote:

oif="tun0" # out interface
odns="192.0.2.11" # ISP's DNS server IP address

1. tun0 to my ethernet id
2. odns to my ISP DNS server?

let say from ifconfig, my ethernet is "bge0"
and my DNS IP is 202.188.1.1 and 202.188.2.2

thanks for advice

rdns

View Public Profile for rdns

Find all posts by rdns

7 More Discussions You Might Find Interesting

1. Cybersecurity

Replay Attack

REPLAY ATTACK. Can some one elobrate on measures to encounter this problem of replay atack on network.

2. Cybersecurity

What I think is a DoS attack

About 3 days ago our Apache logs started filling with the following errors: mod_ssl: SSL handshake failed (server <weberver>:443, client 41.235.234.172) (OpenSSL library error follows) OpenSSL: error:1408A0B7:SSL routines:SSL3_GET_CLIENT_HELLO:no ciphers specified These initially were...

3. Cybersecurity

Found attack from

Hi, I have a belkin router installed and a look at the security log has got me worried a little bit. Security log: Fri Jan 29 20:41:46 2010 =>Found attack from 68.147.232.199. Source port is 58591 and destination port is 12426 which use the TCP protocol. Fri Jan 29 20:41:46 2010 ...

4. Cybersecurity

Network attack - so what?

In my logs I find entries about attacks on my system. I know IP addresses, I know date and time and I know what they tried to do. So what's the best I can do now? Tell everybody that there are cybercriminals on that network? Write an email to their admin? Anything else?

5. Cybersecurity

UUCP attack?

Is this an attack attempt? I got an e-mail from 'uucp Admin' last night and again this morning: What does it mean and what can I do about it? Thanks

6. UNIX for Dummies Questions & Answers

I need a database and a plan of attack!

Hi everyone, I've got an extensive collection of seismic files that I am trying to turn into workable subsurface data collection. It's all real-time history and it is being loaded onto the main linux computer from a collection of about 1000 CDs. There are about 4000 seismic files on each CD, and...

7. Emergency UNIX and Linux Support

DDOS attack please help!

Dear community, my site was recently attacjed by DDOS technique and goes down in a few minutes. My site runs under Debian/Apache2/Mysql. I identified the IPs who attack me and block it through iptable firewall from debian. Something like: iptables -D INPUT -s xxx.xxx.xxx.xxx -j DROP This...

LEARN ABOUT OPENSOLARIS

ipfirewall

IPFW(4)                                                    BSD Kernel Interfaces Manual                                                    IPFW(4)

NAME

     ipfw -- IP packet filter and traffic accounting

SYNOPSIS

     To compile ipfw into the kernel, place the following option in the kernel configuration file:

           options IPFIREWALL

     Other kernel options related to ipfw which may also be useful are:

           options IPFIREWALL_DEFAULT_TO_ACCEPT
           options IPFIREWALL_FORWARD
           options IPFIREWALL_VERBOSE
           options IPFIREWALL_VERBOSE_LIMIT=100

     To load ipfw as a module at boot time, add the following line into the loader.conf(5) file:

           ipfw_load="YES"

DESCRIPTION

     The ipfw system facility allows filtering, redirecting, and other operations on IP packets travelling through network interfaces.

     The default behavior of ipfw is to block all incoming and outgoing traffic.  This behavior can be modified, to allow all traffic through the
     ipfw firewall by default, by enabling the IPFIREWALL_DEFAULT_TO_ACCEPT kernel option.  This option may be useful when configuring ipfw for
     the first time.  If the default ipfw behavior is to allow everything, it is easier to cope with firewall-tuning mistakes which may acciden-
     tally block all traffic.

     To enable logging of packets passing through ipfw, enable the IPFIREWALL_VERBOSE kernel option.  The IPFIREWALL_VERBOSE_LIMIT option will
     prevent syslogd(8) from flooding system logs or causing local Denial of Service.  This option may be set to the number of packets which will
     be logged on a per-entry basis before the entry is rate-limited.

     Policy routing and transparent forwarding features of ipfw can be enabled by IPFIREWALL_FORWARD kernel option.

     The user interface for ipfw is implemented by the ipfw(8) utility, so please refer to the ipfw(8) manpage for a complete description of the
     ipfw capabilities and how to use it.

SEE ALSO

     setsockopt(2), divert(4), ip(4), ipfw(8), sysctl(8), syslogd(8), pfil(9)

BSD                                                              September 1, 2006                                                             BSD