firewall configuration
Giorgos Keramidas
keramida at ceid.upatras.gr
Sat Mar 27 18:32:14 EET 2004
On 2004-03-27 14:50, Stelios Bounanos <sb at dial.pipex.com> wrote:
>On Sat, 27 Mar 2004 12:46:03 +0200,
>Leonidas Tsabos <ltsampros at upnet.gr> was rumoured to have said:
>> The firewall, as I have set it up right now, looks something like this:
>> # lo accepts everything.
>> iptables -A INPUT -s 127.0.0.1 -d 127.0.0.1 -i lo -j ACCEPT
>
> iptables -A INPUT -i lo -j ACCEPT
Here I disagree somewhat (not particularly, not insistently, but ... somewhat). He is
right to accept only packets from the 127.0.0.1 IP address to the same
IP address. That way he rules out the 'games' that some aspiring h4ck3r
might want to play, writing programs that send packets with strange IP
addresses to the lo0 interface. Not that it is *that* dangerous for
someone to play with an interface whose kernel driver fits, on most
operating systems, in two pages of printed code, but still.
Unless you care about saving as much CPU time as possible by avoiding
"redundant" checks, and you believe that this way the packets of the
loopback interface will pass through your firewall as fast as possible,
in which case I pass.
> You probably also want -m limit so that the disks do not fill up in case of
> port scans etc.
True, true. Over the last two days I noticed that my machine receives
a great many scans in a single day when it is on the network:
sysop at gothmog[18:29]/root# sh listports.sh
RANK HITS PORT
1 310 135
2 37 137
3 35 80
4 35 445
5 21 23
...
Later I discovered that a series of Windows trojans is going around again, and
I calmed down somewhat. The failed connection attempts are over 4000 a
day though, and 4000 lines in my log are probably wasted disk space.
As of today I, too, have put a limit on my logs :P
- Giorgos
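Added example, not part of the original message and not the listports.sh mentioned in it (that script is not shown in the thread): one way to build a RANK/HITS/PORT table from iptables LOG lines. The function names, the optional top-N argument and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: rank the destination ports seen in iptables LOG output.
# Assumes the usual kernel log format, where TCP/UDP packets carry DPT=<port>.

# rank_ports [N]: read log lines on stdin, print a "RANK HITS PORT" table.
# With N given, only the N most-hit ports are printed.
rank_ports() {
    # Keep only the DPT value; lines without one (e.g. ICMP) are skipped.
    sed -n 's/.* DPT=\([0-9][0-9]*\).*/\1/p' |
        sort -n | uniq -c |
        sort -k1,1nr -k2,2n |
        awk -v top="${1:-0}" '
            BEGIN { print "RANK HITS PORT" }
            top == 0 || NR <= top { printf "%d %d %d\n", NR, $1, $2 }'
}

# Constructed, shortened sample log lines (documentation address ranges).
sample_log() {
    cat <<'EOF'
Mar 27 18:01:02 host kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=4021 DPT=135 SYN
Mar 27 18:01:09 host kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=4022 DPT=135 SYN
Mar 27 18:02:30 host kernel: IN=eth0 OUT= SRC=198.51.100.3 DST=192.0.2.10 PROTO=TCP SPT=1190 DPT=445 SYN
Mar 27 18:02:41 host kernel: IN=eth0 OUT= SRC=198.51.100.3 DST=192.0.2.10 PROTO=ICMP TYPE=8 CODE=0
Mar 27 18:03:15 host kernel: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP SPT=3310 DPT=80 SYN
Mar 27 18:04:00 host kernel: IN=eth0 OUT= SRC=203.0.113.44 DST=192.0.2.10 PROTO=TCP SPT=2777 DPT=135 SYN
Mar 27 18:04:12 host kernel: IN=eth0 OUT= SRC=203.0.113.44 DST=192.0.2.10 PROTO=TCP SPT=2778 DPT=445 SYN
EOF
}

# Stand-alone run over the constructed sample.
sample_log | rank_ports
```

On a real system the input would be the file that receives kernel messages; note that a rate-limited LOG rule makes the hit counts a lower bound, not an exact total.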