David Mair has published a simple Linux firewall configuration tutorial. He will walks you through the creation of a simple iptables firewall explaining how it works along the way. From the article: Most major Linux distributions, SuSE ones included, feature some user interface for firewall configuration. There’s nothing wrong with them but I couldn’t get […]
libwww-perl (LWP) is fine WWW client/server library for Perl. Unfortunately this library used by many script kiddy, crackers, and spam bots. Verify bots… Following is a typical example, you will find in your apache or lighttpd access.log log file: $ grep ‘libwww-perl’ access.log OR $ grep ‘libwww-perl’ /var/log/lighttpd/access.log Output: 220.127.116.11 www.domain.com – [23/Oct/2006:22:24:37 +0000] “GET […]
Someone recently asked me a question: How can I save time and script size by specifying a range of IP addresses or ports using iptables? In old version of iptables IP address ranges are only valid in the nat table (see below for example). However newer version does support option that allows you to specify […]
It is true that connections to remote X Window servers should be always made over SSH. SSH supports X windows connections. So my task was allow X over ssh but block unprivileged X windows mangers TCP ports. The first running server (or display) use TCP port 6000. Next server will use 6001 and so on […]
From my mail bag: How do I accept CIPE connection requests coming from the outside? CIPE stands for Crypto IP Encapsulation (see howto Establishing a CIPE Connection) . It is used to configure an IP tunneling device. For example, CIPE can be used to grant access from the outside world into a Virtual Private Network […]
Someone might attack on your Linux based system. You can drop attacker IP using IPtables. However, you can use route or ip command to null route unwanted traffic. A null route (also called as blackhole route) is a network route or kernel routing table entry that goes nowhere. Matching packets are dropped (ignored) rather than forwarded, acting as a kind of very limited firewall. The act of using null routes is often called blackhole filtering.
You can nullroute (like some time ISP do prevent your network device from sending any data to a remote system) stopping various attacks coming from a single IP (read as spammers or hackers) using the following syntax on a Linux based system.