Hello Houman,
> Depends on what exactly you're doing on your server. It's not possible to
> give you a generalized answer.
That's what I think.
On 14.10.19 at 20:49 Houman wrote:
> Hello Noel,
>
> I just tried the suggested solution below and sadly it blocks the entire VPN.
>
> iptables -I
Hello Noel,
I just tried the suggested solution below and sadly it blocks the entire
VPN.
iptables -I FORWARD 2 -d 192.168.0.0/16 -j REJECT
iptables -I FORWARD 2 -d 172.16.0.0/12 -j REJECT
iptables -I FORWARD 2 -d 10.0.0.0/8 -j REJECT
Unless I have inserted the rules at the wrong spot, it
Hello Houman,
Depends on what exactly you're doing on your server. It's not possible to give
you a generalized answer.
You shouldn't script with iptables though. Use iptables-save and -restore (save
prints out a serialised form of your loaded iptables rules, restore loads data
in said form).
Hello Noel,
It's a bare-metal server that I'm renting (it's not a virtual server) so I
assume that it should be in its own private subnet. I have tried to follow
up with them, but their support doesn't communicate very well in English.
All I could gather is the following:
1) Based on the ROOT
Hello Houman,
You can do that. I wonder though why that is a problem. Are they providing a
private subnet on the link of your server?
Kind regards
Noel
On 14.10.19 at 12:03 Houman wrote:
> Hi Noel,
>
> That makes sense, thank you.
>
> I received a followup email from our server provider
Hi Noel,
That makes sense, thank you.
I received a followup email from our server provider (about a new
netscan attempt
from one of our users today).
"""
We would recommend that you set up a local firewall and block outgoing
traffic to the following prefixes
https://tools.ietf.org/html/rfc1918
Hello Houman,
Depends on if you have a whitelist or blacklist rule set.
With the ruleset you have provided in this email, you need to accept the stuff
you want. So up to 5 new connections per second.
Kind regards
Noel
On 14.10.19 at 10:40 Houman wrote:
> Hi Noel,
>
> Actually based on my
Hi Noel,
Actually based on my firewall config, I think I have to DROP it instead of
ACCEPT if it's over the 5/sec limit? Don't you agree?
iptables -I FORWARD 2 -m conntrack --ctstate NEW -m hashlimit
--hashlimit-name NETSCAN --hashlimit-mode srcip --hashlimit-srcmask 32
--hashlimit-above 5/s -j
Hello Noel,
Thanks for your solution, I just tried it:
iptables -I FORWARD 2 -m conntrack --ctstate NEW -m hashlimit
--hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-upto 5/s -j ACCEPT
But I got this error message:
iptables v1.6.1: hashlimit: option "--hashlimit-name" must be
Hello Houman,
A "netscan" attack isn't actually anything worthy of an abuse email.
It's not part of a benign usage pattern of a VPN service, but it itself isn't
illegal or anything.
You can only slow down such scans by rate limiting the number of new
connections using the hashlimit match
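As an added example (not code from the thread), the FORWARD rules discussed above written in the iptables-save form Noel recommends: the hashlimit rule carries the --hashlimit-name that the iptables 1.6.1 error asked for, and the RFC 1918 REJECT rules match only packets arriving from the tunnel and come after the ESTABLISHED,RELATED accept, so replies to VPN clients whose tunnel addresses sit inside 10.0.0.0/8 are not rejected. The interface names tun0/eth0 and the tunnel subnet 10.8.0.0/24 are placeholder assumptions, not values from the thread.

```shell
#!/bin/sh
# Added example, not from the thread: emit a FORWARD ruleset in iptables-save
# format and load it atomically with iptables-restore instead of scripting
# individual iptables -I calls.
# Placeholders (assumptions): tunnel interface tun0, tunnel net 10.8.0.0/24,
# uplink eth0. Override via environment variables.
VPN_IF="${VPN_IF:-tun0}"
VPN_NET="${VPN_NET:-10.8.0.0/24}"
WAN_IF="${WAN_IF:-eth0}"

# Print the ruleset; load it with: emit_ruleset | iptables-restore -n
emit_ruleset() {
    cat <<EOF
*filter
:FORWARD DROP [0:0]
# Replies to already-accepted flows. Placed first, so return traffic to
# $VPN_NET (inside 10.0.0.0/8) is never caught by the REJECT rules below.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Rate-limit new connections per VPN client: above 5/s per source IP, drop.
# This is the thread's rule with the --hashlimit-name iptables reported missing.
-A FORWARD -i $VPN_IF -m conntrack --ctstate NEW -m hashlimit --hashlimit-name NETSCAN --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-above 5/s -j DROP
# Keep VPN clients out of RFC 1918 space reachable through the server.
# Limited to packets coming in from the tunnel, not to all forwarded traffic.
-A FORWARD -i $VPN_IF -d 10.0.0.0/8 -j REJECT
-A FORWARD -i $VPN_IF -d 172.16.0.0/12 -j REJECT
-A FORWARD -i $VPN_IF -d 192.168.0.0/16 -j REJECT
# Everything else from the tunnel may go out to the internet.
-A FORWARD -i $VPN_IF -o $WAN_IF -j ACCEPT
COMMIT
EOF
}

# Sanity check before loading: every hashlimit rule must name its table,
# otherwise iptables-restore fails the same way the iptables -I call did.
check_ruleset() {
    ! emit_ruleset | grep -- '-m hashlimit' | grep -qv -- '--hashlimit-name'
}
```

Run `emit_ruleset | iptables-restore -n` only after `check_ruleset` succeeds; `-n` keeps the other tables and chains untouched.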
Sorry I mistyped. I meant Netscan.
The abuse message was saying: *NetscanOutLevel: Netscan detected from
xx.xx.xx.xx*
This is possible though, that VPN users run a netscan and scan the ports.
Am I correct?
Thanks,
On Tue, 30 Jul 2019 at 15:30, Thor Simon wrote:
> I don't think netstat does
I don't think netstat does what you think it does. It is a _local_ tool.
Perhaps the "abuse notification" you received is a phishing attack?
Have a look at the manual page:
http://manpages.ubuntu.com/manpages/trusty/man8/netstat.8.html
From: Houman
Sent: Jul