Use ipchains ASAP. Going after all services is impossible when experimenting unless you use this approach.
I block all ports 1-1023 except ones I use for my connection to cable modem by using ipchains on gateway machine.

(See attached script for details. This is "ipmasq -l" output. You can get my script to harden ipmasq package from www.aokiconsulting.com/pub/ipmasq-fw.tar.gz It may require some manual editing but should give you good start.)

---------------

FYI: My log has many unsuccessful attacks (except known portscan on NNTP by ISP),

 21   ftp
 111  sunrpc
 53   nameserver (DNS)
 510  ???
 515  line printer spooler
 109  POP version 2

are recent attacks. I used to get netbios (137-139) connections but not recently. Maybe ISP is blocking them for windoze clients???

You will be surprised how many of these come in.

Osamu

PS: I allow telnet. Do not laugh pls.

On Sun, Feb 18, 2001 at 02:00:47PM -0500, Glenn Becker wrote:
> solutions later, like ipchains/firewalls.

--
+ Osamu Aoki <[EMAIL PROTECTED]>, GnuPG-key: 1024D/D5DE453D +
+ Fingerprint: 814E BD64 3288 40E7 E88E 3D92 C3F8 EA94 D5DE 453D +
+ === http://www.aokiconsulting.com ======= Cupertino, CA USA === +

#: Interfaces found:
#:   eth0 24.19.???.???/255.255.255.0
#:   eth1 192.168.1.1/255.255.255.0
echo "0" > /proc/sys/net/ipv4/ip_forward
echo "0" > /proc/sys/net/ipv4/ip_always_defrag
/sbin/ipchains -P input DENY
/sbin/ipchains -P output DENY
/sbin/ipchains --no-warnings -P forward DENY
/sbin/ipchains -F input
/sbin/ipchains -F output
/sbin/ipchains --no-warnings -F forward
/sbin/ipchains -A input -j ACCEPT -i lo
/sbin/ipchains -A input -j DENY -i ! lo -s 127.0.0.1/255.0.0.0 -l
/sbin/ipchains -A input -j ACCEPT -i eth1 -d 255.255.255.255/32
/sbin/ipchains -A input -j ACCEPT -i eth1 -s 192.168.1.1/255.255.255.0
/sbin/ipchains -A input -j ACCEPT -i eth1 -d 224.0.0.0/4 -p ! tcp
/sbin/ipchains -A input -j DENY -i eth0 -s 192.168.1.1/255.255.255.0 -l
/sbin/ipchains -A input -j ACCEPT -i eth0 -d 24.19.???.???/32 ssh -p tcp
/sbin/ipchains -A input -j ACCEPT -i eth0 -d 24.19.???.???/32 auth -p tcp
/sbin/ipchains -A input -j ACCEPT -i eth0 -d 24.19.???.???/32 smtp -p tcp
/sbin/ipchains -A input -j DENY -i eth0 -s 24.0.0.0/8 -d 24.19.???.???/32 www -p tcp
/sbin/ipchains -A input -j ACCEPT -i eth0 -d 24.19.???.???/32 www -p tcp
/sbin/ipchains -A input -j ACCEPT -i eth0 -d 24.19.???.???/32 telnet -p tcp
/sbin/ipchains -A input -j DENY -i eth0 -d 0.0.0.0/0 bootpc -p udp
/sbin/ipchains -A input -j DENY -i eth0 -d 24.19.???.???/32 nntp -s 24.0.0.0/8 -p tcp
/sbin/ipchains -A input -j DENY -i eth0 -d 0.0.0.0/0 1:1023 -p tcp -l
/sbin/ipchains -A input -j DENY -i eth0 -d 0.0.0.0/0 1:1023 -p udp -l
/sbin/ipchains -A input -j ACCEPT -i eth0 -d 255.255.255.255/32
/sbin/ipchains -A input -j ACCEPT -i eth0 -d 24.19.???.???/32
/sbin/ipchains -A input -j ACCEPT -i eth0 -d 24.19.???.255/32
/sbin/ipchains --no-warnings -A forward -j MASQ -i eth0 -s 192.168.1.1/255.255.255.0
/sbin/ipchains -A output -j ACCEPT -i lo
/sbin/ipchains -A output -j ACCEPT -i eth1 -d 192.168.1.1/255.255.255.0
/sbin/ipchains -A output -j ACCEPT -i eth1 -d 224.0.0.0/4 -p ! tcp
/sbin/ipchains -A output -j DENY -i eth0 -d 192.168.1.1/255.255.255.0 -l
/sbin/ipchains -A output -j ACCEPT -i eth0 -s 24.19.???.???/32 ssh -p tcp
/sbin/ipchains -A output -j ACCEPT -i eth0 -s 24.19.???.???/32 auth -p tcp
/sbin/ipchains -A output -j ACCEPT -i eth0 -s 24.19.???.???/32 smtp -p tcp
/sbin/ipchains -A output -j ACCEPT -i eth0 -s 24.19.???.???/32 www -p tcp
/sbin/ipchains -A output -j ACCEPT -i eth0 -s 24.19.???.???/32 telnet -p tcp
/sbin/ipchains -A output -j DENY -i eth0 -s 0.0.0.0/0 bootps -p udp
/sbin/ipchains -A output -j DENY -i eth0 -s 0.0.0.0/0 137:139 -p udp
/sbin/ipchains -A output -j DENY -i eth0 -s 0.0.0.0/0 137:139 -p tcp
/sbin/ipchains -A output -j DENY -i eth0 -s 0.0.0.0/0 1:1023 -p tcp -l
/sbin/ipchains -A output -j DENY -i eth0 -s 0.0.0.0/0 1:1023 -p udp -l
/sbin/ipchains -A output -j ACCEPT -i eth0 -s 24.19.???.???/32
/sbin/ipchains -A output -j ACCEPT -i eth0 -s 24.19.???.255/32
/sbin/ipchains -M -S 7200 10 160
/sbin/ipchains -A input -j DENY -s 0.0.0.0/0 -d 0.0.0.0/0 -l
/sbin/ipchains -A output -j DENY -s 0.0.0.0/0 -d 0.0.0.0/0 -l
/sbin/ipchains -A forward -j DENY -s 0.0.0.0/0 -d 0.0.0.0/0 -l
Warning: you must enable IP forwarding for packets to be forwarded at all:
  Use `echo 1 > /proc/sys/net/ipv4/ip_forward'
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/ip_always_defrag
/sbin/ipchains -M -S 7200 10 160
echo "1" > /proc/sys/net/ipv4/ip_forward
/sbin/ipchains -A input -j DENY -s 0.0.0.0/0 -d 0.0.0.0/0 -l
/sbin/ipchains -A output -j DENY -s 0.0.0.0/0 -d 0.0.0.0/0 -l
/sbin/ipchains -A forward -j DENY -s 0.0.0.0/0 -d 0.0.0.0/0 -l
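
An added example, not part of the original message or of the ipmasq package: a first-match evaluator over a subset of the eth0 input rules from the listing above, useful for checking which inbound connections the rule order drops, logs, or lets through. The address 203.0.113.10 is a constructed stand-in for the redacted 24.19.???.???, and the helper names `parse` and `decide` are hypothetical.

```python
import ipaddress

EXT = "203.0.113.10"  # constructed stand-in for the redacted 24.19.???.???
SERVICES = {"ssh": 22, "telnet": 23, "www": 80}  # names as in /etc/services
ANY = ipaddress.ip_network("0.0.0.0/0")

# Subset of the eth0 input rules from the listing, in their original order.
RULES = f"""
-A input -j ACCEPT -i eth0 -d {EXT}/32 ssh -p tcp
-A input -j DENY -i eth0 -s 24.0.0.0/8 -d {EXT}/32 www -p tcp
-A input -j ACCEPT -i eth0 -d {EXT}/32 www -p tcp
-A input -j ACCEPT -i eth0 -d {EXT}/32 telnet -p tcp
-A input -j DENY -i eth0 -d 0.0.0.0/0 1:1023 -p tcp -l
-A input -j DENY -i eth0 -d 0.0.0.0/0 1:1023 -p udp -l
-A input -j ACCEPT -i eth0 -d {EXT}/32
"""

def parse(line):
    """Parse one rule; a bare word after an -s/-d address is its port spec."""
    tok, rule, i = line.split(), {"log": False}, 0
    while i < len(tok):
        opt = tok[i]
        if opt == "-l":
            rule["log"] = True
        elif opt in ("-s", "-d"):
            rule[opt] = ipaddress.ip_network(tok[i + 1], strict=False)
            i += 1
            if i + 1 < len(tok) and not tok[i + 1].startswith("-"):
                lo, _, hi = tok[i + 1].partition(":")
                lo = int(SERVICES.get(lo, lo))
                rule[opt + "port"] = (lo, int(hi or lo))
                i += 1
        else:  # -A, -j, -i and -p each take one argument
            rule[opt] = tok[i + 1]
            i += 1
        i += 1
    return rule

def decide(rules, src, dport, proto="tcp", dst=EXT):
    """Return (target, logged) for the first matching rule, top to bottom."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        lo, hi = r.get("-dport", (0, 65535))
        if (r.get("-p", proto) == proto and s in r.get("-s", ANY)
                and d in r.get("-d", ANY) and lo <= dport <= hi):
            return r["-j"], r["log"]
    return "DENY", False  # chain policy set by `ipchains -P input DENY`

INPUT = [parse(line) for line in RULES.strip().splitlines()]
```

With these rules, `decide(INPUT, "198.51.100.7", 6000)` returns `("ACCEPT", False)`: ports above 1023 fall through to the final ACCEPT for the external address, so anything listening on an unprivileged port on the gateway stays reachable and unlogged.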