Re: [gentoo-user] Iptables Tarpit
You could also just add the extensions USE flag to iptables and that should give you tarpit support.

On 3/7/06, Dave Jones [EMAIL PROTECTED] wrote:
> Erik Westenbroek wrote on 03/07/06 04:18:
>> I am attempting to create a tarpit to protect against SSH Brute force attempts.
>> I tried this:
>> --snip--
>> iptables -A SSH_Brute_Force -p tcp -j TARPIT
>> After I typed the last command I got this error message:
>> iptables: No chain/target/match by that name
>> What am I doing wrong?
>
> Hi Erik
>
> The standard Gentoo-sources kernel does not include the TARPIT target. You need to pick up an updated kernel iptables source from netfilter.org, and install it as follows:
>
> I assume you have a subversion client already installed on your machine.
>
>     cd /usr/src
>
> Pick up patch-o-matic-ng:
>
>     svn co https://svn.netfilter.org/netfilter/trunk/patch-o-matic-ng
>
> Pick up iptables source code:
>
>     svn co https://svn.netfilter.org/netfilter/trunk/iptables
>
> Install kernel patches to iptables extra code:
>
>     cd patch-o-matic-ng
>     ./runme extra
>
> Here you can select the targets/filters (e.g. TARPIT) you want patching into the kernel iptables modules.
>
> After installing patches you must regenerate your kernel and modules to activate the patches, and then re-emerge iptables to pick up the kernel patches.
>
>     make menuconfig
>     make
>     make modules_install
>     make install
>
> Make sure that you have USE=extensions in your /etc/make.conf before you emerge iptables, or it will ignore the new non-standard extensions.
>
>     emerge iptables
>
> This worked for me.
>
> Cheers, Dave

--
gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Iptables Tarpit
Hi Andrew,

Andrew Frink wrote on 03/08/06 14:57:
> You could also just add the extensions USE flag to iptables and that should give you tarpit support
>
> On 3/7/06, Dave Jones [EMAIL PROTECTED] wrote:
>> Erik Westenbroek wrote on 03/07/06 04:18:
>>> I am attempting to create a tarpit to protect against SSH Brute force attempts.
>>> I tried this:
>>> --snip--
>>> iptables -A SSH_Brute_Force -p tcp -j TARPIT
>>> After I typed the last command I got this error message:
>>> iptables: No chain/target/match by that name
>>
>> The standard Gentoo-sources kernel does not include the TARPIT target. You need to pick up an updated kernel iptables source from netfilter.org
>> --- snip ---

Simply adding extensions to your /etc/make.conf USE is not enough. Without the iptables kernel source updates you still won't have the TARPIT target, even though the iptables package will have support for it in its library routines.

Cheers, Dave
Re: [gentoo-user] Iptables Tarpit
Ahh, haven't really played that much with tarpit, thanks for clearing that up :-)

On 3/8/06, Dave Jones [EMAIL PROTECTED] wrote:
> Hi Andrew,
>
> Andrew Frink wrote on 03/08/06 14:57:
>> You could also just add the extensions USE flag to iptables and that should give you tarpit support
>>
>> On 3/7/06, Dave Jones [EMAIL PROTECTED] wrote:
>>> Erik Westenbroek wrote on 03/07/06 04:18:
>>>> I am attempting to create a tarpit to protect against SSH Brute force attempts.
>>>> I tried this:
>>>> --snip--
>>>> iptables -A SSH_Brute_Force -p tcp -j TARPIT
>>>> After I typed the last command I got this error message:
>>>> iptables: No chain/target/match by that name
>>>
>>> The standard Gentoo-sources kernel does not include the TARPIT target. You need to pick up an updated kernel iptables source from netfilter.org
>>> --- snip ---
>
> Simply adding extensions to your /etc/make.conf USE is not enough. Without the iptables kernel source updates you still won't have the TARPIT target, even though the iptables package will have support for it in its library routines.
>
> Cheers, Dave
Re: [gentoo-user] Iptables Tarpit
I guess TARPIT is not in the default installation of iptables, I'll just use labrea.

On 3/6/06, Ryan Tandy [EMAIL PROTECTED] wrote:
> Erik Westenbroek wrote:
>> iptables: No chain/target/match by that name
>
> I don't see a chain or other target named TARPIT - it's not defined anywhere on the page you referenced as far as I see, so you may have to dig it up elsewhere.

--
Erik
http://erikstotle.homelinux.org/
Re: [gentoo-user] Iptables Tarpit
Erik Westenbroek wrote on 03/07/06 04:18:
> I am attempting to create a tarpit to protect against SSH Brute force attempts.
> I tried this:
> --snip--
> iptables -A SSH_Brute_Force -p tcp -j TARPIT
> After I typed the last command I got this error message:
> iptables: No chain/target/match by that name
> What am I doing wrong?

Hi Erik

The standard Gentoo-sources kernel does not include the TARPIT target. You need to pick up an updated kernel iptables source from netfilter.org, and install it as follows:

I assume you have a subversion client already installed on your machine.

    cd /usr/src

Pick up patch-o-matic-ng:

    svn co https://svn.netfilter.org/netfilter/trunk/patch-o-matic-ng

Pick up iptables source code:

    svn co https://svn.netfilter.org/netfilter/trunk/iptables

Install kernel patches to iptables extra code:

    cd patch-o-matic-ng
    ./runme extra

Here you can select the targets/filters (e.g. TARPIT) you want patching into the kernel iptables modules.

After installing patches you must regenerate your kernel and modules to activate the patches, and then re-emerge iptables to pick up the kernel patches.

    make menuconfig
    make
    make modules_install
    make install

Make sure that you have USE=extensions in your /etc/make.conf before you emerge iptables, or it will ignore the new non-standard extensions.

    emerge iptables

This worked for me.

Cheers, Dave
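Added example, not part of the original thread or of any poster's message: a shell check that separates the two halves discussed above, the kernel-side TARPIT target and the iptables userspace extension library, so it is clear which one is missing before rebuilding anything. The `/proc` file, module directory and library directories are assumptions for a legacy (non-nftables) iptables install and can be overridden through the function arguments; the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Default paths are assumptions; override them via arguments.

# kernel_has_target NAME [PROC_FILE] [MODULE_DIR]
# True if NAME is registered with the running kernel, or if a module that
# would provide it (ipt_NAME / xt_NAME) exists on disk and could be loaded.
kernel_has_target() {
    name=$1
    proc_file=${2:-/proc/net/ip_tables_targets}
    mod_dir=${3:-/lib/modules/$(uname -r)}
    if [ -r "$proc_file" ] && grep -qxF "$name" "$proc_file"; then
        return 0
    fi
    [ -d "$mod_dir" ] || return 1
    find "$mod_dir" \( -name "ipt_$name.ko*" -o -name "xt_$name.ko*" \) \
        2>/dev/null | grep -q .
}

# userspace_has_target NAME [LIB_DIR...]
# True if the iptables binary has an extension library for NAME.
userspace_has_target() {
    name=$1; shift
    [ $# -gt 0 ] || set -- /lib/iptables /lib/xtables /usr/lib/xtables
    for dir in "$@"; do
        for lib in "$dir/libipt_$name.so" "$dir/libxt_$name.so"; do
            [ -e "$lib" ] && return 0
        done
    done
    return 1
}

# diagnose_target NAME [PROC_FILE] [MODULE_DIR] [LIB_DIR]
# Prints: ok | kernel-missing | userspace-missing | both-missing
diagnose_target() {
    k=no; u=no
    kernel_has_target "$1" "$2" "$3" && k=yes
    userspace_has_target "$1" ${4:+"$4"} && u=yes
    case "$k$u" in
        yesyes) echo ok ;;
        noyes)  echo kernel-missing ;;
        yesno)  echo userspace-missing ;;
        *)      echo both-missing ;;
    esac
}

# Run as a script: sh check.sh TARPIT
if [ $# -gt 0 ]; then diagnose_target "$@"; fi
```

A result of `kernel-missing` corresponds to the situation in the thread where USE=extensions alone was set: the library is present but the kernel has no TARPIT target.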
Re: [gentoo-user] Iptables Tarpit
Erik Westenbroek wrote:
> iptables: No chain/target/match by that name

I don't see a chain or other target named TARPIT - it's not defined anywhere on the page you referenced as far as I see, so you may have to dig it up elsewhere.