madisonicus Veteran
Joined: 20 Sep 2006 Posts: 1130
|
Posted: Tue Jan 23, 2007 5:43 am Post subject: |
Dralnu wrote: | Of course it is all hackable. I'm more worried about keeping mid and low-level hackers out of my system. The people who know what they are doing are almost impossible to keep out.
Right now, besides the router, I've got securetty set so that root can only be logged into from a tty. I'd love to do the same for su and sudo, as well, which would lock people out of my root account.
I'd probably mess with iptables some if I knew what I was doing, but I don't, and like you said, you can screw yourself up with a bad setup. Right now I compile everything with the hardened USE flag (helps a little I think).
I also try to stay out of my root account for a good portion of the time, and sudo when I need to do something. |
Turning on the hardened USE flag with GCC 4.1.1 or GLIBC 2.4 does nothing yet. You have to use GCC 3.4 and GLIBC 2.3 for now to get the benefits of hardened or PIC.
SELINUX can be hard to set up but it's gotten easier now that there are some learning options. There are decent Gentoo guides for doing a PAX/GRSECURITY kernel with hardened toolchain though, available here.
I've found that iptables is actually pretty simple when you figure out what's going on. Here's a simple but reasonable example. I'd also recommend net-firewall/firestarter or net-firewall/shorewall for someone just starting out. There are also several iptables script generators on the web (here for instance).
_________________
Please add [SOLVED] to your message title if you feel that your question has been answered.
------
Intel Q9300 Core2 Quad * Gigabyte GA-EP35C-DS3R
Samsung x360
AMD64 x2 4200+ * TF7050-M2 * HTPC
ZOTAC ION A-U Mini-ITX * HTPC |
Moji Tux's lil' helper
Joined: 04 Nov 2006 Posts: 121
|
Posted: Tue Jan 23, 2007 12:32 pm Post subject: |
If you want to use iptables to drop a specific port:
Code: |
# Replace [Your Port Here] with a port number or a low:high range.
# -I with no rule number inserts at the top of the chain, ahead of existing rules.
/sbin/iptables -I INPUT -p udp --dport [Your Port Here] -j DROP
/sbin/iptables -I INPUT -p tcp --dport [Your Port Here] -j DROP
# On OUTPUT, --dport matches the destination port of packets leaving this host.
/sbin/iptables -I OUTPUT -p udp --dport [Your Port Here] -j DROP
/sbin/iptables -I OUTPUT -p tcp --dport [Your Port Here] -j DROP
|
That should amend two rules on the top of your INPUT chain and two on the top of your OUTPUT chain. You can also do a port range with the colon, i.e. 1024:65535
-MJ |
InsaneHamster Guru
Joined: 02 May 2003 Posts: 435
|
Posted: Tue Jan 23, 2007 5:16 pm Post subject: |
What I don't understand is, according to various tests and online analyzers, my computer does not exist on the internet, so how and why are people trying to scan or connect to it, and how come this didn't happen before?
Cause it be like LimeWire or BTs I used (I stopped) and, well, the aftermath? |
madisonicus Veteran
Joined: 20 Sep 2006 Posts: 1130
|
Posted: Tue Jan 23, 2007 5:24 pm Post subject: |
InsaneHamster wrote: | What I don't understand is, according to various tests and online analyzers, my computer does not exist on the internet, so how and why are people trying to scan or connect to it, and how come this didn't happen before?
Cause it be like LimeWire or BTs I used (I stopped) and, well, the aftermath? |
They're not targeting you. They're randomly or sequentially probing IP addresses. It's the IP version of War Dialing. It's the same way you get spam, even if you've never given out your email address. Or the way junk mailers send things to you, but have to put "Resident" or "Dear Neighbor".
InsaneHamster Guru
Joined: 02 May 2003 Posts: 435
|
Posted: Tue Jan 23, 2007 7:23 pm Post subject: |
madisonicus wrote: |
InsaneHamster wrote: | What I don't understand is, according to various tests and online analyzers, my computer does not exist on the internet, so how and why are people trying to scan or connect to it, and how come this didn't happen before?
Cause it be like LimeWire or BTs I used (I stopped) and, well, the aftermath? |
They're not targeting you. They're randomly or sequentially probing IP addresses. It's the IP version of War Dialing. It's the same way you get spam, even if you've never given out your email address. Or the way junk mailers send things to you, but have to put "Resident" or "Dear Neighbor". |
I knew that before, but I guess I didn't know how large of a scale it would be once you log every single one. So I guess these ping cyber kits towards my computer should be fine since I am technically invisible, but sometimes I see my computer sending out back to them. |
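One way to see the scale of the background probing discussed above in your own firewall log, as an added example that is not part of any post in the thread. It assumes the log lines come from an iptables LOG rule (the thread does not say what produced the log); `summarize_probes`, `sample_log` and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes iptables LOG-target lines
# (key=value fields); summarize_probes and sample_log are hypothetical names.

# stdin: log lines. stdout: "source packets distinct-ports verdict",
# busiest source first. $1 = distinct ports that count as a scan (default 3).
summarize_probes() {
    awk -v min_ports="${1:-3}" '
    /IN=[^ ]/ {                        # inbound only: IN= names an interface
        src = ""; dpt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/) src = substr($i, 5)
            else if ($i ~ /^DPT=/) dpt = substr($i, 5)
            else if ($i == "PROTO=ICMP") dpt = "icmp"   # pings carry no port
        }
        if (src == "" || dpt == "") next
        hits[src]++
        if (!((src, dpt) in seen)) { seen[src, dpt] = 1; ports[src]++ }
    }
    END {
        for (s in hits)
            printf "%s %d %d %s\n", s, hits[s], ports[s],
                   (ports[s] >= min_ports ? "scan" : "probe")
    }' | sort -k2,2nr -k1,1
}

# Constructed sample (documentation address ranges), trimmed to the key fields.
# The last line is outbound (IN= is empty) and is skipped by the summary.
sample_log() {
    cat <<'EOF'
Jan 23 17:10:01 box kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=22 SYN
Jan 23 17:10:01 box kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40002 DPT=23 SYN
Jan 23 17:10:02 box kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40003 DPT=80 SYN
Jan 23 17:10:02 box kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40004 DPT=22 SYN
Jan 23 17:11:40 box kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=ICMP TYPE=8 CODE=0
Jan 23 17:11:41 box kernel: IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.5 PROTO=TCP SPT=22 DPT=40001 RST
EOF
}

sample_log | summarize_probes
```

A source that touches several different ports in quick succession is the sequential probing described in the reply above; a single ping or single-port hit is listed as a plain probe.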