Here is a good document about iptables / firewalling: http://www.knowplace.org/netfilter/index.html
Linux on 390 Port <[email protected]> írta 2005.04.13 01:23:47 időpontban: > Hello from Gregg C Levine > I should. However, my problem is that I can't find an easy to > understand explanation for setting up IPTABLES. I can provide one > clew. So far, that worm is not causing any more attacks. It's as if it > had stopped. For that explanation can you point to one? > ------------------- > Gregg C Levine [EMAIL PROTECTED] > ------------------------------------------------------------ > "The Force will be with you...Always." Obi-Wan Kenobi > "Use the Force, Luke." Obi-Wan Kenobi > > > -----Original Message----- > > From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On Behalf > Of > > McKown, John > > Sent: Tuesday, April 12, 2005 5:35 PM > > To: [email protected] > > Subject: Re: [LINUX-390] SSH based attacks > > > > > -----Original Message----- > > > From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On > > > Behalf Of Gregg C Levine > > > Sent: Tuesday, April 12, 2005 4:04 PM > > > To: [email protected] > > > Subject: SSH based attacks > > > > > > > > > Hello from Gregg C Levine > > > Of the systems that run Linux, how many of you have them directly > > > accessible to the Internet? > > > > > > As all of you know, I run Slackware Linux here, for Intel, > practically > > > every day the system is on, I see people attempting to access the > > > system via SSH from unknown, to it, IP addresses. > > > > > > Are any of you seeing these happen? And what are you doing to > prevent > > > such access? > > > > Hum, if SSH is restricted to specific hosts, I'd just use "iptables" > to > > "drop the packets on the ground" from any other IP addresses. That's > > what I do at home. Also, I don't respond to "pings" from outside. > > Another thing to consider is to set up a single system which allows > SSH > > from outside. All the others "stand mute". If somebody needs to ssh > to a > > different server, they ssh to the internet SSH server, then ssh from > > there to the actual server they need. And never let root ssh in. If > > somebody needs root (why?), then ssh to a normal user and "su" (or > sudo) > > to do root work. > > > > I'll bet you already do that. I just thought I'd say it "just in > case". > > > > > > -- > > John McKown > > Senior Systems Programmer > > UICI Insurance Center > > Information Technology > > > > This message (including any attachments) contains confidential > > information intended for a specific individual and purpose, and its' > > content is protected by law. If you are not the intended recipient, > you > > should delete this message and are hereby notified that any > disclosure, > > copying, or distribution of this transmission, or taking any action > > based on it, is strictly prohibited. > > > > > ---------------------------------------------------------------------- > > For LINUX-390 subscribe / signoff / archive access instructions, > > send email to [EMAIL PROTECTED] with the message: INFO LINUX- > > 390 or visit > > http://www.marist.edu/htbin/wlvindex?LINUX-390 > > ---------------------------------------------------------------------- > For LINUX-390 subscribe / signoff / archive access instructions, > send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit > http://www.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
