Film-Tech Cinema Systems
Film-Tech Forum ARCHIVE
Author Topic: Linux and multiple connections
Dominic Espinosa
Phenomenal Film Handler

Posts: 1172
From: Boulder Creek, CA.
Registered: Jan 2004


posted 05-08-2005 07:18 PM
Hello again to the linux fans...
I've got this box I've been getting ridiculous amounts of brute force attacks on...3 from Korea, 1 from Taiwan and 1 from some dingbat on Comcast.

I figure the best route to go is to drop ANY ip address attempting to connect (and failing of course) a set amount of times in a set amount of seconds, say, 10 concurrent connections sets a firewall rule to DROP anything from you for 24 hours or something.

Does anyone know of a method of doing this with netfilter or should I start trying to code a script for it?

It seems to me there's already a function in netfilter to do such a thing but I haven't run across it yet...

Thanks.


John Walsh
Film God

Posts: 2490
From: Connecticut, USA, Earth, Milky Way
Registered: Oct 1999


posted 05-08-2005 08:15 PM
I thought many routers had a simple firewall where you could enter IP addresses to ignore. (I'm assuming you have a cable modem and router, or are you using a PC for that?)


Gilbert Travin
Expert Film Handler

Posts: 101
From: Villeurbanne / France
Registered: Jan 2004


posted 05-09-2005 02:58 AM
Hello!

You may use the command "iptables" (you must be "root" before using this command).

!!!!! Be careful: if you are not a "root" specialist, you may irremediably damage your system !!!!!

It is better to search for help on the web, or to read Linux user forums or Linux documentation, before trying to modify IP configurations.
[thumbsup]


Mark Hajducki
Jedi Master Film Handler

Posts: 500
From: Edinburgh, UK
Registered: May 2003


posted 05-09-2005 04:53 AM
What access do you (or other people) need from the internet at large?

If no access is needed then a router firewall could be set to refuse all incoming connections. For some access it could only direct traffic to the appropriate port. If you only have a few users the firewall could be set to allow only certain IP address/ranges.


Scott Norwood
Film God

Posts: 8146
From: Boston, MA. USA (1774.21 miles northeast of Dallas)
Registered: Jun 99


posted 05-09-2005 07:51 AM
You probably want snort: http://www.snort.org/

Having said that, I will question what you are trying to accomplish. Portscans and the like are pretty much harmless and, unless they constitute denial-of-service attacks by consuming excessive amounts of bandwidth, aren't really worth worrying about. Your time is likely better spent turning off services that you don't need and keeping the services that you do need updated and patched. Most Linux systems come with a bunch of services which have historically had security issues (sendmail, rpc, the R-commands, NNTP, POP3, IMAP, etc.) turned on by default; most end-users will never need these services and should turn them off.

If you are running relatively few public services (ssh, maybe ftp and/or http) and have those services properly configured and patched, then there is no reason to worry about people running "script-kiddie" tools against your network.


Dean Kollet
Jedi Master Film Handler

Posts: 591
From: Florida State University
Registered: Jul 2003


posted 05-09-2005 10:33 AM
I have mine set up like this....

Cable modem -> Linux Server -> Router. I have two NIC cards on my linux box and I run iptables. Search around online on how to configure it, you can lock it down very tight that way. Even if you just want it to be on the one computer, it's still awesome.


Dominic Espinosa
Phenomenal Film Handler

Posts: 1172
From: Boulder Creek, CA.
Registered: Jan 2004


posted 05-09-2005 03:05 PM
I should have specified...
The server is one I administer for a mid-size transportation business who hosts their own e-mail and website from this server. I typically wouldn't worry about it, however I don't trust the users to properly maintain their passwords.
Thus far I've had no intrusions but I'd feel much better about it if I could restrict any access whatsoever to someone who connects 10 times in 10 seconds to the same port.
This would make my life easier.

[ edit: found an answer! ]

The answer is of course the limit and iplimit options for IPTables.

-A INPUT -p tcp -m state --state NEW --dport 22 -i eth1 -m limit --limit 2/minute --limit-burst 2 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 22 -i eth1 -j DROP

2 concurrent connections in 2 minutes are allowed, any more and you get dropped.
Since I'm the only one administering this system remotely I'll just have to remember to wait 2 minutes to start a secondary ssh session, in the mean time, it'll ban those pesky brute force password crackers.
...At least the ones I haven't -j RETURN'd yet [Wink]

[ 05-09-2005, 08:42 PM: Message edited by: Dominic Espinosa ]

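The two rate-limiting ideas in this thread, as an added example that is not code from the thread, from iptables or from netfilter: the first post's proposal (N failed connections from one address within W seconds earns that address a 24-hour DROP) run over constructed sshd log lines, and a token-bucket model of the `-m limit --limit 2/minute --limit-burst 2` match from the final post, which shows why the match has to be paired with `-j ACCEPT` and a trailing DROP rather than used with `-j DROP` directly. The log lines, addresses and the `LimitMatch` / `apply_limit_rule` names are all constructed for the example; the year in the timestamps is whatever `strptime` defaults to, since syslog lines carry none.

```python
# Added example, not code from the thread or from iptables/netfilter: a
# small model of the two rate-limiting ideas discussed above.
#   1. find_bans(): the per-source rule from the first post (N failed logins
#      within W seconds -> drop that address for B seconds).
#   2. LimitMatch: the token bucket behind "-m limit --limit R/minute
#      --limit-burst B", to show what the final rule accepts and drops.
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed syslog-style sshd lines (sample data, not a real log).
SAMPLE_LOG = [
    "May  9 15:00:00 mail sshd[1999]: Accepted publickey for dominic from 192.0.2.10 port 51000 ssh2",
    "May  9 15:00:01 mail sshd[2000]: Failed password for root from 203.0.113.5 port 33001 ssh2",
] + [
    # ten failures from one source within nine seconds: the brute-force pattern
    f"May  9 15:00:{s:02d} mail sshd[{2100 + s}]: Failed password for invalid user admin "
    f"from 198.51.100.7 port {40000 + s} ssh2"
    for s in range(1, 11)
] + [
    "May  9 15:01:05 mail sshd[2200]: Failed password for root from 203.0.113.5 port 33002 ssh2",
    "May  9 15:02:10 mail sshd[2201]: Failed password for root from 203.0.113.5 port 33003 ssh2",
]

FAILED_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?\S+ from (\S+) port \d+"
)
EPOCH = datetime(1900, 1, 1)  # syslog lines carry no year; strptime defaults to 1900


def parse_failures(lines):
    """Yield (seconds, source_ip) for each failed-password line, in file order."""
    for line in lines:
        m = FAILED_RE.match(line)
        if not m:
            continue  # successful logins and other messages are not counted
        ts = datetime.strptime(m.group(1), "%b %d %H:%M:%S")
        yield (ts - EPOCH).total_seconds(), m.group(2)


def find_bans(lines, threshold=10, window=10, ban_seconds=86400):
    """Sliding-window counter per source address (the first post's proposal).

    Returns {ip: (ban_start, ban_end)} in the relative seconds parse_failures()
    uses. A source is banned once `threshold` failures fall inside any
    `window`-second span; later events from a banned source are ignored, as a
    firewall DROP would keep them from ever reaching sshd.
    """
    recent = defaultdict(deque)
    bans = {}
    for ts, ip in parse_failures(lines):
        if ip in bans:
            continue
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:  # forget attempts older than the window
            q.popleft()
        if len(q) >= threshold:
            bans[ip] = (ts, ts + ban_seconds)
    return bans


def block_commands(bans):
    """Render the netfilter rules a ban script would insert (strings only, nothing is run)."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in sorted(bans)]


class LimitMatch:
    """Token bucket with the semantics of `-m limit --limit R/minute --limit-burst B`.

    The bucket starts full (B tokens), refills at R per minute, and the match
    succeeds only while a token is available. It is one bucket for the whole
    rule, not one per source address.
    """

    def __init__(self, per_minute=2, burst=2):
        self.rate = per_minute / 60.0
        self.burst = burst
        self.tokens = float(burst)
        self.last = None

    def matches(self, ts):
        if self.last is not None:
            self.tokens = min(self.burst, self.tokens + (ts - self.last) * self.rate)
        self.last = ts
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def apply_limit_rule(timestamps, match_target, per_minute=2, burst=2):
    """Verdict per new SSH connection (timestamps in seconds) for a chain of
    `-m limit ... -j <match_target>` followed by the opposite target.

    With match_target="DROP" (the rule as first posted) the first B packets
    are dropped and everything after falls through to an ACCEPT; with
    "ACCEPT" the first B are allowed and the rest hit the trailing DROP.
    """
    other = "DROP" if match_target == "ACCEPT" else "ACCEPT"
    lm = LimitMatch(per_minute, burst)
    return [match_target if lm.matches(t) else other for t in timestamps]


if __name__ == "__main__":
    bans = find_bans(SAMPLE_LOG)
    for ip, (start, end) in bans.items():
        print(f"ban {ip} for {int(end - start)} s")
    print(block_commands(bans))
    print(apply_limit_rule([0, 1, 2, 3, 32], "DROP"))
    print(apply_limit_rule([0, 1, 2, 3, 32], "ACCEPT"))
```

Two points the model makes visible. First, `-m limit` matches while tokens remain, so `-j DROP` on the match drops the first two connections per minute and lets the flood through; the match has to accept and a following rule has to drop. Second, the bucket is global to the rule, not per source, so one scanner empties it for the administrator as well. Per-source behaviour, which is what `find_bans()` models, is what the `recent` (`--set` / `--update --seconds --hitcount`) and `hashlimit` (`--hashlimit-mode srcip`) matches exist for.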
