Hi

Hackers have been trying to find their way into my server and I decided to switch on the firewall. The only problem is that I can't find much in the way of documentation as to what it does.

- Can it stop flood attacks?
- Does it deny service to rapid requests?
- If it blocks somebody, does it do it forever, 24 hours, 1 hour, etc.?
- Does it block all unused ports?
- etc.

In short - does anybody know where there is a specification or a description of how it works? More info on the monitoring system would also be useful (i.e. what does it do and an example of how to use it?)

Kind Regards,
Adrian Smith
Well, in my opinion... Isp firewall doesn't do much except filter some ports. The real deal is with fail2ban and denyhost. If you configure these 2 properly you won't have problems. I've been working on this matter for the past 3 days.

So you need to modify this config:

Code:
/etc/fail2ban/fail2ban.conf

and set the max retry to 3 (if the attacker fails to log in within 3 attempts, he gets banned), and set bantime to -1 (this means it will be a definite ban (until you restart fail2ban)). Configure the postfix and proftp options so they don't attack your FTP. And that's about it. You can look for the denyhost conf also and try to make some adjustments there also. I made some but don't really remember what.

Oh, and another thing is to change your SSH port from 22 to something else. Most hackers these days use a password-trying scanner (they connect by default to SSH on 22 and they try lots of passwords).

Oh, and keep your server up to date.

If you want to ban an IP, just insert it in /etc/host.deny and restart hostdeny. I think that's permanent.

Hope it helps...
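The max retry and bantime settings discussed in the post above, modelled as an added example that is not part of the thread and is not fail2ban's own code: it counts failed SSH logins per source address inside a findtime window, bans at maxretry, and treats a negative bantime as a ban with no expiry. The log lines, addresses, function names and the default year (syslog timestamps carry none) are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# OpenSSH failed-password line as written to auth.log (syslog format).
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

# Constructed sample input using documentation address ranges.
SAMPLE = [
    "Mar 14 10:00:01 host sshd[1001]: Failed password for root from 203.0.113.5 port 40001 ssh2",
    "Mar 14 10:00:03 host sshd[1002]: Failed password for invalid user admin from 203.0.113.5 port 40002 ssh2",
    "Mar 14 10:00:04 host sshd[1003]: Accepted password for alice from 198.51.100.7 port 50000 ssh2",
    "Mar 14 10:00:06 host sshd[1004]: Failed password for root from 203.0.113.5 port 40003 ssh2",
    "Mar 14 10:05:00 host sshd[1005]: Failed password for alice from 198.51.100.7 port 50001 ssh2",
    "Mar 14 10:30:00 host sshd[1006]: Failed password for alice from 198.51.100.7 port 50002 ssh2",
    "Mar 14 10:55:00 host sshd[1007]: Failed password for alice from 198.51.100.7 port 50003 ssh2",
]

def parse(line, year=2024):
    """Return (timestamp, ip) for a failed SSH login line, else None."""
    m = FAILED.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
    return ts, m.group(2)

def simulate(lines, maxretry=3, findtime=600, bantime=-1):
    """Return {ip: (banned_at, expires_at)}; expires_at is None if bantime < 0."""
    recent = defaultdict(deque)  # ip -> failure times still inside findtime
    bans = {}
    for line in lines:
        hit = parse(line)
        if hit is None:
            continue
        ts, ip = hit
        ban = bans.get(ip)
        if ban and (ban[1] is None or ts < ban[1]):
            continue  # address is still banned, nothing more to count
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()  # forget failures older than findtime seconds
        if len(window) >= maxretry:
            expires = None if bantime < 0 else ts + timedelta(seconds=bantime)
            bans[ip] = (ts, expires)
            window.clear()
    return bans
```

With the defaults only 203.0.113.5 is banned: the three slow failures from 198.51.100.7 never fall inside one findtime window, which is why the window length matters as much as the retry count.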
For anybody finding this thread and wanting to install DenyHosts there is an excellent tutorial here:

http://www.linickx.com/archives/270/denyhosts-protecting-against-ssh-brute-force-attacks

Regards,
More Tutorials

Apologies to HowtoForge: Here are two excellent tutorials on:

DenyHosts
http://www.howtoforge.com/preventing_ssh_dictionary_attacks_with_denyhosts

fail2ban
http://www.howtoforge.com/fail2ban_debian_etch