[eside-ghost] Mini iptables manual?
Cymo
gcymoril at gmail.com
Thu Mar 31 01:42:17 CEST 2005
Hi!
Can anyone tell me how to add "simple" rules for iptables?
Specifically: connections from certain IPs should not be accepted
(certain services should be available ONLY from the local network).
I have a local network, and on my GNU/Linux box a single Ethernet card with
two aliases:
eth0 (euskaltel::ip) --> internet
eth0:0 (192.168.2.101) --> local network
For now I have "solved" my security problems by killing all
the processes I wasn't interested in (sshd, apache, whatever,...)
<THIS_IS_ONLY_FOR_THE_HYSTERICAL>
I felt like taking a look
cymo@Thunder:/$ uptime
01:34:58 up 14 days, 2:00, 2 users, load average: 0.85, 1.12, 1.06
So I decided to look in /var/log/auth.log and saw:
Mar 28 17:44:27 Thunder sshd[2489]: Illegal user jordan from 61.244.242.25
Mar 28 17:44:36 Thunder sshd[2504]: Illegal user michael from 61.244.242.25
Mar 28 17:44:39 Thunder sshd[2512]: Illegal user nicole from 61.244.242.25
Mar 28 17:44:44 Thunder sshd[2519]: Illegal user daniel from 61.244.242.25
Mar 28 17:44:49 Thunder sshd[2528]: Illegal user andrew from 61.244.242.25
Mar 28 17:44:54 Thunder sshd[2533]: Illegal user nathan from 61.244.242.25
Mar 28 17:45:00 Thunder sshd[2535]: Illegal user matthew from 61.244.242.25
Mar 28 17:45:08 Thunder sshd[2544]: Illegal user magic from 61.244.242.25
Mar 28 17:45:11 Thunder sshd[2550]: Illegal user lion from 61.244.242.25
Mar 28 17:45:17 Thunder sshd[2552]: Illegal user david from 61.244.242.25
Mar 28 17:45:26 Thunder sshd[2554]: Illegal user jason from 61.244.242.25
Mar 28 17:45:30 Thunder sshd[2558]: Illegal user ben from 61.244.242.25
Mar 28 17:45:38 Thunder sshd[2567]: Illegal user carmen from 61.244.242.25
Mar 28 17:45:44 Thunder sshd[2575]: Illegal user justin from 61.244.242.25
Mar 28 17:45:51 Thunder sshd[2577]: Illegal user charlie from 61.244.242.25
Mar 28 17:45:57 Thunder sshd[2579]: Illegal user steven from 61.244.242.25
Mar 28 17:46:01 Thunder sshd[2581]: Illegal user brandon from 61.244.242.25
Mar 28 17:46:04 Thunder sshd[2583]: Illegal user brian from 61.244.242.25
Mar 28 17:46:09 Thunder sshd[2590]: Illegal user stephen from 61.244.242.25
Mar 28 17:46:13 Thunder sshd[2598]: Illegal user william from 61.244.242.25
Mar 28 17:46:22 Thunder sshd[2605]: Illegal user angel from 61.244.242.25
Mar 28 17:46:27 Thunder sshd[2613]: Illegal user emily from 61.244.242.25
Mar 28 17:46:37 Thunder sshd[2628]: Did not receive identification string from 61.244.242.25
Among others. I won't paste the whois, but the IP is from Hong Kong.
Then I ran:
Thunder:/# nmap localhost -p 1-65535
Starting nmap 3.75 ( http://www.insecure.org/nmap/ ) at 2005-03-31 01:30 CEST
Interesting ports on Thunder (127.0.0.1):
(The 65525 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
9/tcp open discard
13/tcp open daytime
22/tcp open ssh
37/tcp open time
111/tcp open rpcbind
972/tcp open unknown
4663/tcp open unknown
8662/tcp open unknown
10000/tcp open snet-sensor-mgmt
64101/tcp open unknown
And I saw that there were too many things open.
So I killed processes (inetd among them!!) :P
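The restriction asked about above, as an added example that is not part of the original post: a dry-run generator for rules that keep chosen TCP ports reachable only from the local network. The 192.168.2.0/24 netmask and the port list are assumptions (the post gives only 192.168.2.101 and the nmap output), and the rules match on source address because iptables cannot match an alias such as eth0:0 with -i.

```shell
#!/bin/sh
# Added example: print, but do not apply, iptables rules that make the given
# TCP ports reachable only from the local network. Review, then run as root.
# Assumptions (not from the post): the LAN is 192.168.2.0/24 (the post gives
# only the host address 192.168.2.101) and the port list below.
LAN_NET="${LAN_NET:-192.168.2.0/24}"
LAN_ONLY_PORTS="${LAN_ONLY_PORTS:-22 111 10000}"   # picked from the nmap output

# lan_only_rules NETWORK/PREFIX PORT...
# Validates every argument before printing anything, so a typo never
# yields a half-built rule set.
lan_only_rules() {
    net="$1"
    shift
    case "$net" in
        */*) ;;
        *) echo "network must be in CIDR form: $net" >&2; return 1 ;;
    esac
    for port in "$@"; do
        case "$port" in
            ''|*[!0-9]*) echo "not a port number: $port" >&2; return 1 ;;
        esac
        if [ "$port" -ge 1 ] && [ "$port" -le 65535 ]; then
            :
        else
            echo "port out of range: $port" >&2
            return 1
        fi
    done
    # Loopback and replies to connections this host opened stay allowed;
    # without the second rule a reply arriving on a listed port is dropped.
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for port in "$@"; do
        # Order matters: accept the LAN source first, then drop everyone else.
        # Matching is on source address because "-i eth0:0" cannot match an alias.
        echo "iptables -A INPUT -p tcp -s $net --dport $port -j ACCEPT"
        echo "iptables -A INPUT -p tcp --dport $port -j DROP"
    done
}

# Dry run: show the rules for the defaults above.
# shellcheck disable=SC2086  # word splitting of the port list is intended
lan_only_rules "$LAN_NET" $LAN_ONLY_PORTS
```

Since both addresses sit on the same physical eth0, the source-address match is the only thing separating local traffic from internet traffic in these rules.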