SSH Dictionary Attacks (does not work with EL3) 2006-01-12 - By bob
I should learn to read before hitting send. My eth0 looks like this...

#!/bin/bash
# rc.firewall script

# Set these variables
IPTABLES="/sbin/iptables"
INET_IFACE="eth0"
IP_NS1="1.2.3.4"

# Flush tables
/bin/echo "Flushing tables..."
$IPTABLES -F

# Set default policies for the INPUT, FORWARD and OUTPUT chains
/bin/echo "Setting default policies..."
$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT DROP
$IPTABLES -P FORWARD DROP

# Traverse the INPUT chain
/bin/echo "Assembling the INPUT chain..."
$IPTABLES -A INPUT -p ALL -m state --state INVALID -j DROP
$IPTABLES -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
$IPTABLES -A INPUT -p TCP -m state --state ESTABLISHED,RELATED -j ACCEPT
# Record each new TCP connection in the recent list; without a --set rule
# the --update rule below has nothing to count and never matches.
$IPTABLES -A INPUT -p TCP -m state --state NEW -m recent --set
# Drop a source that has opened 4 or more new connections within 60 seconds
$IPTABLES -A INPUT -p TCP -m recent --update --seconds 60 --hitcount 4 -j DROP
#sshd
$IPTABLES -A INPUT -p TCP -i $INET_IFACE -s 0/0 -d 2.3.4.5 --dport 223 -j ACCEPT
misfire on the first post.
my .02 -bob
----- Original Message -----
From: "Rainer Traut" <tr.ml@(protected)>
To: "Red Hat Enterprise Linux 4 (Nahant) Discussion List" <nahant-list@(protected)>
Cc: <taroon-list@(protected)>
Sent: Thursday, January 12, 2006 4:09 AM
Subject: Re: SSH Dictionary Attacks (does not work with EL3)
> Hi,
>
> Thomas Cameron wrote:
>> I know there are probably a million better ways to do this, but I just
>> ran the following two commands on all my Internet facing machines:
>>
>> iptables -I INPUT -p tcp --dport 22 -m state --state NEW \
>>   -m recent --update --seconds 60 --hitcount 4 -j DROP
>>
>> iptables -I INPUT -p tcp --dport 22 -m state --state NEW \
>>   -m recent --set
>>
>> I got them from http://www.debian-administration.org/articles/187 and
>> they seem to work quite nicely.
>
> Thanks for this.
> But I have a couple of EL3 servers where I wanted to do this.
> But on EL3 it does not seem to work:
>
> iptables v1.2.8: Couldn't load match
> `recent':/lib/iptables/libipt_recent.so: cannot open shared object file:
> No such file or directory
>
> find /lib/ -iname "*recent*"
> shows:
> /lib/modules/2.4.21-37.ELsmp/kernel/net/ipv4/netfilter/ipt_recent.o
>
> I can modprobe the module, but that's all.
> Is there a workaround for this?
>
> Thanks
> Rainer
>
> --
> Taroon-list mailing list
> Taroon-list@(protected)
> https://www.redhat.com/mailman/listinfo/taroon-list
--
Taroon-list mailing list
Taroon-list@(protected)
https://www.redhat.com/mailman/listinfo/taroon-list
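Added example, not code from this thread or from the iptables project: a small Python model of the netfilter "recent" match as the iptables man page documents it (--set records a source address with a timestamp; --update --seconds S --hitcount N matches only when the address is already listed with at least N hits in the last S seconds, and refreshes the entry on a match). It runs Thomas Cameron's two quoted rules, in the order -I leaves them in the chain, over a constructed stream of SSH SYNs, and beside them a chain that carries only the --update/DROP rule, to show that without --set nothing is ever recorded and nothing is ever dropped. Addresses, timestamps and function names are all made up for the example; the EL3 failure in the quoted mail (a missing userspace libipt_recent.so) is a separate problem that no rule ordering fixes.

```python
# Added example: model of the netfilter "recent" match driving the SSH
# rate-limit rules discussed in the thread.  All traffic below is constructed.

IP_PKT_LIST_TOT = 20   # default number of timestamps the module keeps per address
WINDOW = 60            # --seconds 60
HITCOUNT = 4           # --hitcount 4


class RecentList:
    """One named list of the recent match: source address -> timestamps seen."""

    def __init__(self):
        self.stamps = {}

    def set(self, src, now):
        """--set: add src to the list (or refresh it) with a new timestamp."""
        stamps = self.stamps.setdefault(src, [])
        stamps.append(now)
        del stamps[:-IP_PKT_LIST_TOT]   # only the newest entries are retained

    def update(self, src, now, seconds, hitcount):
        """--update --seconds S --hitcount N: match when src is already listed
        and has at least N timestamps within the last S seconds; on a match
        the entry is refreshed with the current time (unlike --rcheck)."""
        stamps = self.stamps.get(src)
        if stamps is None:
            return False
        if sum(1 for t in stamps if now - t <= seconds) < hitcount:
            return False
        self.set(src, now)
        return True


def chain_thomas(recent, src, now):
    """The two quoted rules.  Both were inserted with -I, so the --set rule
    (inserted last) sits first in INPUT, followed by the --update/DROP rule."""
    recent.set(src, now)
    if recent.update(src, now, WINDOW, HITCOUNT):
        return "DROP"
    return "ACCEPT"          # falls through to whatever rule accepts port 22


def chain_without_set(recent, src, now):
    """A chain with only the --update/DROP rule: nothing populates the list,
    so --update has nothing to count and the rule never fires."""
    if recent.update(src, now, WINDOW, HITCOUNT):
        return "DROP"
    return "ACCEPT"


def run(chain, attempts):
    """Feed (source, time-in-seconds) SYNs through a chain; return the verdicts."""
    recent = RecentList()
    return [chain(recent, src, t) for src, t in attempts]


# Constructed traffic: 198.51.100.7 hammers sshd every 10 s, 203.0.113.5 is an
# ordinary client logging in twice, then the attacker returns after the
# 60 s window has expired.
ATTEMPTS = [
    ("198.51.100.7", 0),
    ("203.0.113.5", 5),
    ("198.51.100.7", 10),
    ("198.51.100.7", 20),
    ("198.51.100.7", 30),
    ("198.51.100.7", 40),
    ("203.0.113.5", 100),
    ("198.51.100.7", 200),
]

if __name__ == "__main__":
    for src_t, verdict in zip(ATTEMPTS, run(chain_thomas, ATTEMPTS)):
        print("with --set:   ", src_t, verdict)
    for src_t, verdict in zip(ATTEMPTS, run(chain_without_set, ATTEMPTS)):
        print("without --set:", src_t, verdict)
```

With both rules in place the attacker's fourth SYN inside the 60 s window is dropped and stays dropped while it keeps trying, the ordinary client is never touched, and the attacker is admitted again once its last hit has aged out of the window; with only the --update rule every SYN is accepted. The order matters: if the --update/DROP rule were evaluated before --set, the fourth attempt would still be let through and only the fifth dropped, because the count is taken before the current packet is recorded.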