
All Questions

0 votes
0 answers
102 views

Should I block all ping requests?

My intention is to seek protection, with no need to be a server, so I want to avoid all kinds of SSDP. I've found some code and need to know if it's enough or too much: iptables -I INPUT 1 -p icmp -j ...
Tekomo Nakama
0 votes
0 answers
54 views

Is it possible to connect a WiFi route to some server and forward every connection to that server?

I'm facing some package loss issues I'm having in my home-network. I'm looking at some log entries and some game reports I've detected, a somewhat strange IP route added, and a snort made me some ...
Tekomo Nakama
0 votes
0 answers
301 views

Difference between IPTABLES RAW PREROUTING and MANGLE PREROUTING

I'm looking for configs to prevent DDoS attacks and UPnP Flood, since I've started to create rules, every advice was to add rules to filter table, but it takes too much CPU process, so started to ...
Tekomo Nakama
0 votes
1 answer
619 views

DDoS Attack - Iptables bad configuration

I have Ubuntu 20.04.4 LTS. I am under a DDoS attack and don't know how to limit the connections made by multiple IPs (above 500). I saw some posts, like this or this, but don't know how to follow the ...
Mario Navarro Claras
0 votes
1 answer
78 views

Whitelisting friends' dynamic IPs w/o much extra effort from them

I'm running a small https webserver using a Javascript-based program that I've heard isn't super secure. Fortunately, I only want a couple of friends to be able to access it - unfortunately they're ...
Matthew Whitlock
0 votes
0 answers
286 views

Fail2Ban vulnerability after reboot

I am very happy with fail2ban for protecting my server except for one issue. After a reboot, each banned ip address is added to iptables one at a time. On one server, I have about 7500 permanently ...
Rick
2 votes
1 answer
248 views

Adding negation to the time match of iptables. What does it mean?

I want to allow access to traffic only from 07:00 to 15:00. I want to use negation since I have other iptables rules. Does using negation in the following example meet my requirements about time slot?...
Mohamed KALLEL
2 votes
1 answer
2k views

iptables string match does not work when the --to option is < 52

When I enter an iptables rule which matches a string and the --to option is >= 52, for example iptables -I FORWARD 1 -m string --string anypattern --algo bm --to 100 -j DROP The above works properly and ...
Mohamed KALLEL
2 votes
0 answers
131 views

block flow with iptables

To block packets containing some string we use the following iptables rule: iptables -I FORWARD 1 -p tcp --dport 80 -m string --string anypattern --algo bm -j DROP This will block the packet ...
Mohamed KALLEL
0 votes
1 answer
515 views

iptables block fragmented flow that contains specific string

I want to block traffic that contains a specific string "anypattern". I know that the right iptables rule for that is: iptables -m string --algo bm --string "anypattern" -j DROP The problem that the ...
Mohamed KALLEL
3 votes
1 answer
1k views

How to block specific ip address while being attacked by hping3?

I am working on a project of cybersecurity and I am sending from Kali Linux an attack to an Ubuntu VM with the following command: sudo hping3 -c 15000 -d 300 -w 64 -p 22 --flood 192.168.40.40 I have ...
Henry Navarro
4 votes
1 answer
2k views

How to configure UFW Ubuntu server for Kamailio SIP Server?

I need to configure UFW or iptables to secure Kamailio on my ubuntu server. I followed this kamailio-security but I don't know how to configure it. *filter :INPUT DROP [0:0] :FORWARD DROP [0:0] :...
Mohamed Farouk
1 vote
1 answer
441 views

CVE-2019-11479 convert iptables command to ufw format

I'm trying to apply the iptables workaround for the following CVE. The iptables command provided sudo iptables -A INPUT -p tcp -m tcpmss --mss 1:500 -j DROP works but we are unfortunately using ufw,...
Jimmy
1 vote
1 answer
688 views

ip6tables - configuration

I'm creating another thread for my ip6tables config. ip6tables -F ip6tables -X ip6tables -t nat -F ip6tables -t nat -X ip6tables -t mangle -F ip6tables -t mangle -X ip6tables -P INPUT DROP ip6tables -...
redraven
-1 votes
1 answer
473 views

IPtables configuration

First, I'm sorry for my English, not my first language. I was wondering about IPtables. I read a lot of articles and posts about it, and thought I understood it at least a bit. I spent hours trying ...
redraven
17 votes
3 answers
46k views

How do I allow multiple ports simultaneously in UFW?

I've installed a new Ubuntu 16.04 and enabled ufw: ufw enable I tried these ways to unfilter multiple ports at once: ufw allow 22/tcp 25/tcp 80/tcp 443/tcp 9000/tcp ufw allow 22/tcp, 25/tcp, 80/tcp,...
Arcticooling
3 votes
1 answer
326 views

Can sshguard filter TCP+UDP ports? If so, how to prevent that?

I understand that sshguard guards from Brute Force Attacks on SSH, but does it also serve as an iptables manager to filter TCP+UDP ports? I could indeed use ufw to filter all ports, then unfilter the ...
Arcticooling
2 votes
1 answer
176 views

sshguard - must a user declare behavior rules?

From this answer I understand that sshguard does include a default behavior that should suit most users, at least those with minimal webserver environments, yet it wasn't clear to me from the ...
Arcticooling
2 votes
1 answer
1k views

Need help with IP Tables rule to filter by Hex

I'm setting up a server and I need to make a specific configuration. I have to drop a specific packet which always starts with XX 01. I can do this, with this rule: sudo iptables -A INPUT -p tcp --...
TheGreek
0 votes
2 answers
3k views

How to auto ban an IP when he accesses some ports?

I have a VPS, which hosts some service only I used. Today, I found someone scanning my VPS by netstat -ntu | awk '{print $5}' |sort | uniq -c | sort -n And found some result (I have removed my IP from ...
Mithril
1 vote
1 answer
6k views

How to block everything except http(s) and DNS in iptables?

I want to set up a firewall on my Ubuntu machine, to specifically block everything in and out except ports 80/443 for browsing, and 53 for resolving DNS. I tried but no result. Now I'm using UFW which ...
George
1 vote
1 answer
2k views

how to update iptables-persistent?

After installing iptables-persistent I see: ubuntu@dur:~$ ubuntu@dur:~$ cat /etc/iptables/rules.v4 # Generated by iptables-save v1.6.0 on Wed Jan 11 14:36:17 2017 *filter :INPUT ACCEPT [251:16508] :...
Thufir
5 votes
3 answers
8k views

Remote Access Trojan in Ubuntu?

Introduction Hello, I'm kinda new to Ubuntu but I have switched to it from Windows since I have heard that it's more secure and more virus-free in the last few months I have read a lot about computer ...
Tomas
2 votes
1 answer
2k views

Correctly limit IP connections

I asked many questions about this same subject, for example: here, and here. The answer said I should set up the rule like this: iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ...
Vlark.Lopin
1 vote
1 answer
265 views

I have a massive attack on a port on my server

I have an Ubuntu 15.4 server. I open a port with number 20000. I got a massive DDoS attack on this port. I typed in terminal netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n to ...
Vlark.Lopin
0 votes
0 answers
321 views

How to use iptables to prevent repeated attacks on port 80?

There is a massive attack on port 80 on my server. I try to use iptables this way to ban attackers: iptables -A INPUT -s 212.252.96.128 -j DROP but there are too many IPs attacking. How to prevent ...
Vlark.Lopin
0 votes
1 answer
1k views

Hamachi is able to ignore firewall

Hello, I recently installed Hamachi and Haguichi. I created a network and my friend joined. So I hosted a game and the port was 1100, I think, but the problem is that he was able to join although I ...
Marton
0 votes
1 answer
9k views

Block all but one ip address

I need to allow access to only one IP address and block the rest, so I wrote the following: sudo iptables -F sudo iptables -A INPUT -s ipaddress -j ACCEPT sudo iptables -A INPUT -j DROP sudo iptables ...
Albert
0 votes
1 answer
523 views

Help writing server script to ban IPs from a list

I have a VPS that I use as an openvpn and web server. For some reason, my apache log files are filled with thousands of these hack attempts: "POST /xmlrpc.php HTTP/1.0" 404 395 These attack attempts ...
Chev_603
5 votes
1 answer
21k views

linux command to prevent dos attack by using netstat and iptables

I want to DROP more than 200 requests per IP to prevent a DDoS attack. This is the command that I used to detect the request count per IP: netstat -alpn | grep :80 | awk '{print $5}' |awk -F: '{print $(NF-1)}...
Morteza Soltanabadiyan
2 votes
3 answers
2k views

How can I create a hardened Virtualbox image for PenTesting?

As a serious security researcher, I'm looking for an answer to securing a Ubuntu installation against unwanted intrusion. This should include how I can: Log and alert remote connection attempts, Log ...
Miphix
3 votes
2 answers
10k views

Help! My server has been hacked - .IptabLes and .IptabLex in /boot [closed]

I'm running a Ubuntu 6.06 dapper server and it has been hacked. I'll admit up front here that I'm a programmer and not a system administrator so even though I've worked with Unix/Linux for years my ...
user237315
2 votes
2 answers
958 views

UFW and firewall

So I recently installed Ubuntu and I have been working with it no problem. While browsing through the security guides (specifically: https://wiki.ubuntu.com/BasicSecurity) I noticed this: "enable the ...
Nick
10 votes
5 answers
14k views

Fail2Ban or DenyHosts to block invalid username SSH login attempts

Is there a way to automatically block IP address when a user tries to login as any invalid username? I already have: [ssh] enabled = true port = ssh filter = sshd logpath = /var/log/auth.log ...
slayton1213
0 votes
1 answer
2k views

xtables-addon installation failed

I have a server with ubuntu 12.04 and when I try to install xtables-addon with this command module-assistant auto-install xtables-addons-source I get this error Bad luck, the kernel headers for the ...
isoman
2 votes
1 answer
6k views

how to enable iptables tarpit?

I'm using Ubuntu server 10.04 and I have to enable the tarpit module. I installed the following packet: aptitude install xtables-addons-common xtables-addons-source module-assistant auto-install ...
isoman
1 vote
1 answer
6k views

fail2ban is not sending mail when it bans an ip!

I have configured fail2ban to send me a mail when it bans an IP, but it is not working. I get a message when the jails start and stop but nothing else. I am using ssmtp to send mail via Google Mail. ...
isoman
1 vote
1 answer
2k views

Minimal LAMP iptables setup

What rules are needed for an Ubuntu LAMP server only having minimum necessary ports open?
el_pup_le
3 votes
3 answers
4k views

Why is Ubuntu permissive with outgoing connections by default?

I am pretty newbie to Linux, as most of computers for resources in my school use Linux, I just installed Ubuntu to learn. By default iptables and ufw sets policy as under: IPTABLES -P INPUT DROP ...
Insecure Linux
48 votes
3 answers
35k views

potential ufw and fail2ban conflicts

Will running both fail2ban and ufw cause problems? I noticed that fail2ban modifies iptables rules, but ufw already has a ton of iptables rules defined... so I'm not sure if fail2ban will mess these ...
Adam Monsen
26 votes
7 answers
48k views

How to secure ubuntu server from bruteforce ssh attacks?

I have my passwords secure, but I heard people complaining about performance of a server going down drastically when a bruteforce attack is taking place. How can I secure my Ubuntu 10.10 server from ...
Dziamid
15 votes
4 answers
62k views

How can I block ping requests with IPTables?

and stealth specific ports?
david25
38 votes
7 answers
100k views

GUI for iptables?

I would like to secure my server and it seems that IPtables is one of the first steps. Unfortunately editing the rules in a terminal is a bit complicated and dangerous (those who ever did an iptables -...
silvo