Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Server hacked on known port
Special Forums Cybersecurity Server hacked on known port Post 303029987 by Neo on Monday 4th of February 2019 07:19:01 AM
Old 02-04-2019
In other to help people understand this, I will flush the iptables (remove all rules) and list the results:

Code:
linux# iptables -F


linux# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

 

8 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

which port to write my server application?

I want to write a server application that would accept HTTP requests from client. The server would be on a machine that has no connection to the INTERNET. The clients that would be posting their HTTP requests would be doing so through webbrowser .Thus it would be sort of intranet application.... (0 Replies)
Discussion started by: rraajjiibb
0 Replies

2. Linux

pc hacked

Hi, i think someone has hacked my server, the following rules used to come which i haven't put. Please help me i couldnt find out how this rules are apply, i think someone has put an script which generates enables the rules. But after restarting the iptables everything seems to be working... (0 Replies)
Discussion started by: naik_mit
0 Replies

3. UNIX for Dummies Questions & Answers

Old ATT Server Port Question

Just got old ATT server (10 base T)shipped and want to connect to Windows using com port. Got hardware to connect RJ45 from windows box & serial on ATT. I added XP static ip to host file but get no ping return. Do I have to open unix com port? How? (2 Replies)
Discussion started by: kctech
2 Replies

4. UNIX for Advanced & Expert Users

ssh port forward over three server

Hello there, I have a big problem, and I hope somebody can help me. I try to realize a port forward over three server. Here is a picture... Client Server1 | Server2 ------- ------- | ------- |...... | |...... | | |...... ... (2 Replies)
Discussion started by: Art007
2 Replies

5. Cybersecurity

How to know when you've been hacked

One of the most important ways to keep tou machine secure is to know when it has been broken into. The less time hackers have on your system, the less they can do to it, and the greater you chancens of kicking them off and repairing the damage. The more sophisticated the hacker, the less likely... (8 Replies)
Discussion started by: binhnx2000
8 Replies

6. UNIX for Dummies Questions & Answers

Plesk Server Hacked - How to Backup

Hello! First of all: I am a newbie. :o :( I have a CentOS 64bit server with Plesk Panel 8.6. And have been hacked. :mad: After many tries and support tickets, I am configuring a new server, with Suse 11 and Plesk 9.2. I know that Plesk 8.6 have a backup utility (Parallels Plesk Control... (3 Replies)
Discussion started by: miguelvidal
3 Replies

7. Cybersecurity

Different ssh fingerprints on server vs the one on port 22

Hi Guys, My certificate in /etc/ssh is different to what is on port 22. username@server:~$ ssh-keyscan -p 22 127.0.0.1 > /tmp/rsa.tmp # 127.0.0.1 SSH-1.99-OpenSSH_33.33 username@server:~$ ssh-keygen -lf /tmp/rsa.tmp 1024 46:something..................... 127.0.0.1... (0 Replies)
Discussion started by: mu100
0 Replies

8. Solaris

How to find port number wwn of particular port on dual port HBA,?

please find the below o/p for your reference bash-3.00# fcinfo hba-port HBA Port WWN: 21000024ff295a34 OS Device Name: /dev/cfg/c2 Manufacturer: QLogic Corp. Model: 375-3356-02 Firmware Version: 05.03.02 FCode/BIOS Version: BIOS: 2.02; fcode: 2.01;... (3 Replies)
Discussion started by: sb200
3 Replies

LEARN ABOUT DEBIAN

arptables

ARPTABLES(8)						      System Manager's Manual						      ARPTABLES(8)

NAME

       arptables - ARP table administration

SYNOPSIS

       arptables [-t table] -[AD] chain rule-specification [options]
       arptables [-t table] -[RI] chain rulenum rule-specification [options]
       arptables [-t table] -D chain rulenum [options]
       arptables [-t table] -[LFZ] [chain] [options]
       arptables [-t table] -[NX] chain
       arptables [-t table] -E old-chain-name new-chain-name
       arptables [-t table] -P chain target [options]

DESCRIPTION

       arptables  is a user space tool, it is used to set up and maintain the tables of ARP rules in the Linux kernel. These rules inspect the ARP
       frames which they see.  arptables is analogous to the iptables user space tool, but arptables is less complicated.

   CHAINS
       The kernel table is used to divide functionality into different sets of rules. Each set of rules is called  a  chain.   Each  chain  is	an
       ordered list of rules that can match ARP frames. If a rule matches an ARP frame, then a processing specification tells what to do with that
       matching frame. The processing specification is called a 'target'. However, if the frame does not match the current rule in the chain, then
       the  next rule in the chain is examined and so forth.  The user can create new (user-defined) chains which can be used as the 'target' of a
       rule.

   TARGETS
       A firewall rule specifies criteria for an ARP frame and a frame processing specification called a target.  When a  frame  matches  a  rule,
       then  the  next	action performed by the kernel is specified by the target.  The target can be one of these values: ACCEPT, DROP, CONTINUE,
       RETURN, an 'extension' (see below) or a user-defined chain.

       ACCEPT means to let the frame through.  DROP means the frame has to be dropped.	CONTINUE means the next rule has to be checked.  This  can
       be  handy  to  know  how many frames pass a certain point in the chain or to log those frames.  RETURN means stop traversing this chain and
       resume at the next rule in the previous (calling) chain.  For the extension targets please see the TARGET EXTENSIONS section  of  this  man
       page.

   TABLES
       There  is  only	one  ARP table in the Linux kernel.  The table is filter.  You can drop the '-t filter' argument to the arptables command.
       The -t argument must be the first argument on the arptables command line, if used.

       -t, --table
	      filter, is the only table and contains two (Linux kernels 2.4.X) or three (Linux kernels 2.6.0 and  later)  built-in  chains:  INPUT
	      (for  frames  destined  for  the	host), OUTPUT (for locally-generated frames) and FORWARD (for frames being forwarded by the bridge
	      code). The FORWARD chain doesn't exist in Linux 2.4.X kernels.

ARPTABLES COMMAND LINE ARGUMENTS

       After the initial arptables command line argument, the remaining arguments can be divided into several different groups.  These groups  are
       commands, miscellaneous commands, rule-specifications, match-extensions, and watcher-extensions.

   COMMANDS
       The  arptables  command arguments specify the actions to perform on the table defined with the -t argument.  If you do not use the -t argu-
       ment to name a table, the commands apply to the default filter table.  With the exception of the -Z command, only one command may  be  used
       on the command line at a time.

       -A, --append
	      Append a rule to the end of the selected chain.

       -D, --delete
	      Delete the specified rule from the selected chain. There are two ways to use this command. The first is by specifying an interval of
	      rule numbers to delete, syntax: start_nr[:end_nr]. Using negative numbers is allowed, for more details about using negative numbers,
	      see the -I command. The second usage is by specifying the complete rule as it would have been specified when it was added.

       -I, --insert
	      Insert  the  specified rule into the selected chain at the specified rule number.  If the current number of rules equals N, then the
	      specified number can be between -N and N+1. For a positive number i, it holds that i and i-N-1 specify the same place in	the  chain
	      where  the rule should be inserted. The number 0 specifies the place past the last rule in the chain and using this number is there-
	      fore equivalent with using the -A command.

       -R, --replace
	      Replaces the specified rule into the selected chain at the specified rule number.  If the current number of rules equals N, then the
	      specified number can be between 1 and N. i specifies the place in the chain where the rule should be replaced.

       -P, --policy
	      Set the policy for the chain to the given target. The policy can be ACCEPT, DROP or RETURN.

       -F, --flush
	      Flush  the  selected chain. If no chain is selected, then every chain will be flushed. Flushing the chain does not change the policy
	      of the chain, however.

       -Z, --zero
	      Set the counters of the selected chain to zero. If no chain is selected, all the counters are set to zero. The  -Z  command  can	be
	      used  in	conjunction  with  the	-L command.  When both the -Z and -L commands are used together in this way, the rule counters are
	      printed on the screen before they are set to zero.

       -L, --list
	      List all rules in the selected chain. If no chain is selected, all chains are listed.

       -N, --new-chain
	      Create a new user-defined chain with the given name. The number of user-defined chains is unlimited. A user-defined chain  name  has
	      maximum length of 31 characters.

       -X, --delete-chain
	      Delete  the  specified  user-defined  chain.  There must be no remaining references to the specified chain, otherwise arptables will
	      refuse to delete it. If no chain is specified, all user-defined chains that aren't referenced will be removed.

       -E, --rename-chain
	      Rename the specified chain to a new name.  Besides renaming a user-defined chain, you may rename a standard chain  name  to  a  name
	      that suits your taste. For example, if you like PREBRIDGING more than PREROUTING, then you can use the -E command to rename the PRE-
	      ROUTING chain. If you do rename one of the standard arptables chain names, please be sure to mention this fact  should  you  post  a
	      question	on  the  arptables  mailing  lists.  It would be wise to use the standard name in your post. Renaming a standard arptables
	      chain in this fashion has no effect on the structure or function of the arptables kernel table.

   MISCELLANOUS COMMANDS
       -V, --version
	      Show the version of the arptables userspace program.

       -h, --help
	      Give a brief description of the command syntax.

       -j, --jump target
	      The target of the rule. This is one of the following values: ACCEPT, DROP, CONTINUE, RETURN, a target extension (see  TARGET  EXTEN-
	      SIONS) or a user-defined chain name.

   RULE-SPECIFICATIONS
       The  following command line arguments make up a rule specification (as used in the add and delete commands). A "!" option before the speci-
       fication inverts the test for that specification. Apart from these standard rule specifications there are some other command line arguments
       of interest.

       -s, --source-ip [!] address[/mask]
	      The Source IP specification.

       -d, --destination-ip [!] address[/mask]
	      The Destination IP specification.

       --source-mac [!] address[/mask]
	      The source mac address. Both mask and address are written as 6 hexadecimal numbers separated by colons.

       --destination-mac [!] address[/mask]
	      The destination mac address. Both mask and address are written as 6 hexadecimal numbers separated by colons.

       -i, --in-interface [!] name
	      The interface via which a frame is received (for the INPUT and FORWARD chains). The flag --in-if is an alias for this option.

       -o, --out-interface [!] name
	      The  interface  via  which  a  frame is going to be sent (for the OUTPUT and FORWARD chains). The flag --out-if is an alias for this
	      option.

       -l, --h-length length[/mask]
	      The hardware length (nr of bytes)

       --opcode code[/mask]
	      The  operation  code  (2	bytes).  Available  values  are:  1=Request  2=Reply  3=Request_Reverse  4=Reply_Reverse   5=DRARP_Request
	      6=DRARP_Reply 7=DRARP_Error 8=InARP_Request 9=ARP_NAK.

       --h-type type[/mask]
	      The hardware type (2 bytes, hexadecimal). Available values are: 1=Ethernet.

       --proto-type type[/mask]
	      The protocol type (2 bytes). Available values are: 0x800=IPv4.

   TARGET-EXTENSIONS
       arptables  extensions  are  precompiled into the userspace tool. So there is no need to explicitly load them with a -m option like in ipta-
       bles.  However, these extensions deal with functionality supported by supplemental kernel modules.

   mangle
       --mangle-ip-s IP address
	      Mangles Source IP Address to given value.

       --mangle-ip-d IP address
	      Mangles Destination IP Address to given value.

       --mangle-mac-s MAC address
	      Mangles Source MAC Address to given value.

       --mangle-mac-d MAC address
	      Mangles Destination MAC Address to given value.

       --mangle-target target
	      Target of ARP mangle operation (DROP, CONTINUE or ACCEPT -- default is ACCEPT).

MAILINGLISTS

       ebtables-user@lists.sourceforge.net
       ebtables-devel@lists.sourceforge.net

SEE ALSO

       iptables(8), ebtables(8), arp(8), rarp(8), ifconfig(8), route(8)

								    August 2007 						      ARPTABLES(8)
All times are GMT -4. The time now is 05:09 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy