Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 22

Thread: iptables block attemtps

  1. #11
    Join Date
    Sep 2006
    Beans
    7,308
    Distro
    Lubuntu Development Release

    Re: iptables block attemtps

    Quote Originally Posted by dkardell View Post
    Lars, I'm not sure what you mean by your comment of: I do about the same thing, but on a single line. The default (last rule in the chain) I have for the chain is reject.
    I do the rate limiting with a single line, as shown above in #7.
    However, I allow in connections that don't exceed the rate limit and reject everything else. SSH connections that are under the limit are accepted, SSH connections that exceed the limit are ignored by that rule and it passes down the chain to the next rule(s) in the chain. If nothing else accepts the connection, then it hits the last rule in my chain which I have decided to be reject. It should be pointed out that there is a difference between drop and reject targets.

    http://www.chrisbrenton.org/2009/07/...ll-drop-rules/
    http://www.chiark.greenend.org.uk/~p...drop-vs-reject

  2. #12
    Join Date
    Nov 2012
    Beans
    10

    Re: iptables block attemtps

    Thanks again Doug.

    So will this stop these attacks or only those ssh's on port 22?

    Code:
    Failed password for root from 61.191.61.2 port 45805 ssh2
    pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.191.61.2  user=root
    Failed password for root from 61.191.61.2 port 47037 ssh2
    pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.191.61.2  user=root
    Failed password for root from 61.191.61.2 port 48096 ssh2
    pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.191.61.2  user=root
    Failed password for root from 61.191.61.2 port 48970 ssh2

  3. #13
    Join Date
    Nov 2012
    Beans
    10

    Re: iptables block attemtps

    Lars listed 2 interesting posts.

    According to them we should use REJECT rather than DROP.

    Comments?

  4. #14
    Join Date
    Oct 2009
    Beans
    Hidden!
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: iptables block attemtps

    I always use reject instead of drop now.

    I've run into issues when using drop instead of reject that causes programs to just keep trying to connect and just sit there. With reject set, the program spits out an error message saying it couldn't connect.
    Come to #ubuntuforums! We have cookies! | Basic Ubuntu Security Guide

    Tomorrow's an illusion and yesterday's a dream, today is a solution...

  5. #15
    Join Date
    Nov 2008
    Location
    Metro Boston
    Beans
    8,763
    Distro
    Kubuntu 14.04 Trusty Tahr

    Re: iptables block attemtps

    I solve this problem by blocking all SSH access and only allowing specified IP addresses that I control to connect. If I need a mobile connection, I use a static OpenVPN tunnel from my laptop to the server. I can count on one or at most two hands the number of IP addresses that need to connect legitimately to my servers. I suspect that's true for a lot of folks.
    If you ask for help, please have the courtesy to check for responses and thank the people who helped you.

    Blog · Linode System Administration Guides · Android Apps for Ubuntu Users

  6. #16
    Join Date
    Oct 2009
    Beans
    Hidden!
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: iptables block attemtps

    Quote Originally Posted by SeijiSensei View Post
    I solve this problem by blocking all SSH access and only allowing specified IP addresses that I control to connect. If I need a mobile connection, I use a static OpenVPN tunnel from my laptop to the server. I can count on one or at most two hands the number of IP addresses that need to connect legitimately to my servers. I suspect that's true for a lot of folks.
    I do the same minus the OpenVPN thing. If I know I will need to connect from a different IP than usual (traveling, relative's house, etc), I start a VM with only SSH installed on it and run it on a random high port. Both machines used keys for authentication, so I don't get too many hits from bad guys.
    Come to #ubuntuforums! We have cookies! | Basic Ubuntu Security Guide

    Tomorrow's an illusion and yesterday's a dream, today is a solution...

  7. #17
    Join Date
    Nov 2012
    Beans
    10

    Re: iptables block attemtps

    Quote Originally Posted by SeijiSensei View Post
    I solve this problem by blocking all SSH access and only allowing specified IP addresses that I control to connect. If I need a mobile connection, I use a static OpenVPN tunnel from my laptop to the server. I can count on one or at most two hands the number of IP addresses that need to connect legitimately to my servers. I suspect that's true for a lot of folks.
    Thanks, I think I'll move towards that. Being a newbie to Ubuntu and remote servers (just over a year now), I guess I'm worried that if my ISP changes my home IP then I won't be able to get into the system.

    I don't know much about OpenVPN but will educate myself on that as well.

  8. #18
    Join Date
    Oct 2009
    Beans
    Hidden!
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: iptables block attemtps

    Quote Originally Posted by dkardell View Post
    Thanks, I think I'll move towards that. Being a newbie to Ubuntu and remote servers (just over a year now), I guess I'm worried that if my ISP changes my home IP then I won't be able to get into the system.

    I don't know much about OpenVPN but will educate myself on that as well.
    Dynamic DNS would fix that problem. Check out no-ip or dyndns.
    Come to #ubuntuforums! We have cookies! | Basic Ubuntu Security Guide

    Tomorrow's an illusion and yesterday's a dream, today is a solution...

  9. #19
    Join Date
    Nov 2008
    Location
    Metro Boston
    Beans
    8,763
    Distro
    Kubuntu 14.04 Trusty Tahr

    Re: iptables block attemtps

    Quote Originally Posted by dkardell View Post
    Thanks, I think I'll move towards that. Being a newbie to Ubuntu and remote servers (just over a year now), I guess I'm worried that if my ISP changes my home IP then I won't be able to get into the system.

    I don't know much about OpenVPN but will educate myself on that as well.
    OpenVPN is an excellent solution to this problem. I run simple point-to-point tunnels with a shared static key. My server is out in the "cloud" at Linode and is configured to listen for an OpenVPN connection on a specified high port. At home I have a machine configured as a client that connects to the server and sets up the tunnel. It doesn't matter if my home IP changes since the client simply connects through the firewall. I do have to leave a high port open accepting UDP traffic for the tunnel, but that's not much of a vulnerability since even if you find the port you'd need my encryption key to exploit it.

    Here are the configuration files I use for future reference:

    Server:
    Code:
    dev tun
    ifconfig 10.1.1.1 10.1.1.20
    #up /etc/openvpn/add_routes
    secret /etc/openvpn/keys/my.key
    port 43434
    user nobody
    group nogroup
    ping 15
    ping-restart 45
    ping-timer-rem
    persist-tun
    persist-key
    verb 3
    no-replay
    Client:
    Code:
    dev tun
    remote myserver.example.com
    ifconfig 10.1.1.20 10.1.1.1
    port 43434
    secret /etc/openvpn/keys/my.key
    up /etc/openvpn/add_routes
    user nobody
    group nogroup
    ping 15
    ping-restart 45
    ping-timer-rem
    persist-tun
    persist-key
    verb 3
    They are essentially identical except that the client has the "remote" directive telling it where to connect, and the order of IP addresses in the "ifconfig" directive are reversed. The server assigns 10.1.1.1 to its tunnel interface and 10.1.1.20 to the client.
    Last edited by SeijiSensei; December 1st, 2012 at 02:41 AM.
    If you ask for help, please have the courtesy to check for responses and thank the people who helped you.

    Blog · Linode System Administration Guides · Android Apps for Ubuntu Users

  10. #20
    Join Date
    Nov 2012
    Beans
    10

    Re: iptables block attemtps

    so SeijiSensei help the newbie out here. Again I'm a programmer of some 30 years and have been playing around with Ubuntu for a little over a year and am now doing remote admin of a server via SSH. This whole thread started because of the number of sshd root failures I'm seeing for other ips. I've read over the OpenVPN stuff and really want to understand it but a bit worried that I may screw someithing up and lock myself out. I have heard about shared static key's but have slept since then. How do I go about using keys on my mac local and on a Ubuntu server hosted at Godaddy?

    Next what are your code examples above. Are scripts inside of executable files? or are these configs?

    Thanks!

    Dan]

Page 2 of 3 FirstFirst 123 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •