Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Network attack - so what?
Special Forums Cybersecurity Network attack - so what? Post 302383309 by thegeek on Tuesday 29th of December 2009 08:03:26 AM
Old 12-29-2009
You should block those IPs using firewall.
  • You should constantly monitor the log, and append your block list with the new IPs that attacks.
  • Or allow only the IPs that are expected.
You should have strong password for root login, if that is ssh attack. Or even you can think about locking the root account, and use some sudo account to do the administration and be in the safer side.
 

7 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Bruteforce attack on my pc

since putting my pc online, it keeps getting slower and i dig the logfile to have such a surprise: this is just one of a many and I beleived it's a bruteforce attack how do i block this IP 200.41.81.228 from trying to knock my online pc? my system: FreeBSD testing.net 6.2-STABLE-JE... (6 Replies)
Discussion started by: rdns
6 Replies

2. Cybersecurity

Replay Attack

REPLAY ATTACK. Can some one elobrate on measures to encounter this problem of replay atack on network. (3 Replies)
Discussion started by: Ashvin Gaur
3 Replies

3. IP Networking

Bizzare network attack?

A server I host is having very rare glitches where a file the user downloads will have incorrect contents. This almost never happens when I am looking, I caught it once and only once -- a user messaged me saying his antivirus had given him a warning about an image file downloaded from his... (2 Replies)
Discussion started by: Corona688
2 Replies

4. Cybersecurity

What I think is a DoS attack

About 3 days ago our Apache logs started filling with the following errors: mod_ssl: SSL handshake failed (server <weberver>:443, client 41.235.234.172) (OpenSSL library error follows) OpenSSL: error:1408A0B7:SSL routines:SSL3_GET_CLIENT_HELLO:no ciphers specified These initially were... (1 Reply)
Discussion started by: ccj4467
1 Replies

5. Cybersecurity

Found attack from

Hi, I have a belkin router installed and a look at the security log has got me worried a little bit. Security log: Fri Jan 29 20:41:46 2010 =>Found attack from 68.147.232.199. Source port is 58591 and destination port is 12426 which use the TCP protocol. Fri Jan 29 20:41:46 2010 ... (1 Reply)
Discussion started by: jld
1 Replies

6. Cybersecurity

UUCP attack?

Is this an attack attempt? I got an e-mail from 'uucp Admin' last night and again this morning: What does it mean and what can I do about it? Thanks (4 Replies)
Discussion started by: ctafret
4 Replies

7. Emergency UNIX and Linux Support

DDOS attack please help!

Dear community, my site was recently attacjed by DDOS technique and goes down in a few minutes. My site runs under Debian/Apache2/Mysql. I identified the IPs who attack me and block it through iptable firewall from debian. Something like: iptables -D INPUT -s xxx.xxx.xxx.xxx -j DROP This... (7 Replies)
Discussion started by: Lord Spectre
7 Replies

LEARN ABOUT DEBIAN

init_policy

INIT_POLICY(8)						  System Administration Utilities					    INIT_POLICY(8)

NAME

       init_policy - initialize TOMOYO Linux policy

SYNOPSIS

       init_policy [option]

DESCRIPTION

       This program generates templates for all policy files. However, the output should be reviewed because automatically generated exception
       policy may contain dangerous or redundant entries.

       This program only needs to be run once.

OPTIONS

       --file-only-profile
	   Create profiles with only file-related functionality enabled.

       --full-profile
	   Create profiles with all functionality enabled. [default]

       --use_profile=integer
	   Set the default profile number for the "<kernel>" domain to the specified integer, which must be between 0 and 255. [default=0]

       --use_group=integer
	   Set the default group number for the "<kernel>" domain to the specified integer, which must be between 0 and 255. [default=0]

       --max_audit_log=integer
	   Set the default maximal audit log entries that the kernel will spool in the /sys/kernel/security/tomoyo/audit interface. This value
	   must be an integer, and can be set to 0 if audit logs are not required. Maximum memory used can also be controlled via the
	   /sys/kernel/security/tomoyo/stat interface. [default=1024]

       --max_learning_entry=integer
	   Set the default maximum number of ACL entries automatically added to each domain by the kernel when using learning mode. This value
	   must be an integer, and can be set to o if you do not need learning mode. Maximum memory used can also be controlled using the
	   /sys/kernel/security/tomoyo/stat interface.

       --grant_log=value
	   Set whether grant logs should be audited. This value can either be "yes" or "no". [default=no]

       --reject_log=value
	   Set whether reject logs should be audited. This value can either be "yes" or "no". [default=yes]

EXAMPLES

       Initialize policy
	     /usr/lib/tomoyo/init_policy

BUGS

       If you find any bugs, send an email to <tomoyo-users-en@lists.sourceforge.jp>.

AUTHORS

       Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
	   Main author.

       Jamie Nguyen <jamie@tomoyolinux.co.uk>
	   Documentation and website.

       Naohiro Aoto <naoto@namazu.org>
	   Bug fix for 64bit Gentoo.

SEE ALSO

       tomoyo-init(8)

       See <http://tomoyo.sourceforge.jp> for more information.

tomoyo-tools 2.5.0						    2012-04-14							    INIT_POLICY(8)
All times are GMT -4. The time now is 03:33 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy