Top Posters
Top Uploaders
Users Online
Stats
Hacker bastards
Pages:<< prev 1 next >>
#1 May 2, 2003 11:11 am
kilroyMagician
GroupMembers
Posts122
JoinedMay 1, 2002
Heya guys
I had a little problem with a hacker - and ended up having to nuke the old machine.
anyway - running redhat9.0 got the hosts.deny denying all except sshd (to select ips) ftpd(to select ip's)
and ALL: ALL
my question is whether or not you can allow telnetd to a specific port only?
ergo the port that I setaside for my mud?
if so how ?
Thanks
Kilroy
I had a little problem with a hacker - and ended up having to nuke the old machine.
anyway - running redhat9.0 got the hosts.deny denying all except sshd (to select ips) ftpd(to select ip's)
and ALL: ALL
my question is whether or not you can allow telnetd to a specific port only?
ergo the port that I setaside for my mud?
if so how ?
Thanks
Kilroy
#2 May 4, 2003 5:30 am
SamsonBlack Hand
GroupAdministrators
Posts3,706
JoinedJan 1, 2002
Yes, I believe you can. However since I'm not at my machine right now I can't look into it. If Trax happens across this post before I get a chance to check on this then perhaps he can answer
#3 May 6, 2003 2:13 am
Guest - (Unregistered)
Okay.. nice general responce for everyone, in Kilroy's specific case I'd rather go over it by private e-mail (and you should have an e-mail from me Kilroy ) discussing ones security setup publically is not something you do
Anywho, in general case I'd use a firewall specifically for this job. Firstly, you won't just shield services if you just turn everything onto deny and then just open up specific ports for specific protocols in specific directions.
Firewalls can look rather overwhelming at first glace, but once you start working with some of the simpler rules you can get along with most of them quite easily. RH comes with iptables, as should most distro's with a 2.4 kernel (its the optional netfilter stuff if you compile your own kernel) Most HOWTOs on the subject do pretty well on explaining the various options iptables provides. For example..
would set the default policy for INPUT (one of the primary targets), or all incoming packets to DROP. Which means incoming packets by default would drop (DO NOT EXECUTE THIS ON A REMOTE MACHINE BEFORE YOU SETUP OTHER RULES) the following line allows related and established connections in and the last ACCEPTs on port 80 for the IP address w.x.y.z (note it accepts only TCP connections, web traffic doesn't need UDP so we don't allow it )
Ideally (as per my warning) you should execute those command in reverse order, otherwise if it is a remote machine you cut yourself off when you drop all INPUT packets. This is only an example, also I haven't mentioned the OUPUT (the packets going out from the machine) and the FORWARD (the packets you are routing for another, which you don't do unless you are a router/gateway machine) targets, which can accept similar rules just applied to packets travelling in different ways.
In essence you can allow ports as you wish on your local IP, and even specify who remotely can access them (using a source IP option). I'm no firewall expert, but I have setup a few in the past and can assist in the setup of simple firewalls if you want, but I dislike discussing specific security requirements/setup on a public forum.
I also recommend you try to understand what a firewall does and how it works. Reading material can be found at The Linux Documentation Project, and also there is the NetFilter/iptables Homepage. These are specific to iptables, rather than firewalls in general, but they should help nonetheless.
Anywho, in general case I'd use a firewall specifically for this job. Firstly, you won't just shield services if you just turn everything onto deny and then just open up specific ports for specific protocols in specific directions.
Firewalls can look rather overwhelming at first glace, but once you start working with some of the simpler rules you can get along with most of them quite easily. RH comes with iptables, as should most distro's with a 2.4 kernel (its the optional netfilter stuff if you compile your own kernel) Most HOWTOs on the subject do pretty well on explaining the various options iptables provides. For example..
iptables -P INPUT DROP
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -d w.x.y.z -p tcp -m tcp --dport 80 -j ACCEPT
would set the default policy for INPUT (one of the primary targets), or all incoming packets to DROP. Which means incoming packets by default would drop (DO NOT EXECUTE THIS ON A REMOTE MACHINE BEFORE YOU SETUP OTHER RULES) the following line allows related and established connections in and the last ACCEPTs on port 80 for the IP address w.x.y.z (note it accepts only TCP connections, web traffic doesn't need UDP so we don't allow it )
Ideally (as per my warning) you should execute those command in reverse order, otherwise if it is a remote machine you cut yourself off when you drop all INPUT packets. This is only an example, also I haven't mentioned the OUPUT (the packets going out from the machine) and the FORWARD (the packets you are routing for another, which you don't do unless you are a router/gateway machine) targets, which can accept similar rules just applied to packets travelling in different ways.
In essence you can allow ports as you wish on your local IP, and even specify who remotely can access them (using a source IP option). I'm no firewall expert, but I have setup a few in the past and can assist in the setup of simple firewalls if you want, but I dislike discussing specific security requirements/setup on a public forum.
I also recommend you try to understand what a firewall does and how it works. Reading material can be found at The Linux Documentation Project, and also there is the NetFilter/iptables Homepage. These are specific to iptables, rather than firewalls in general, but they should help nonetheless.
Pages:<< prev 1 next >>