[TriLUG] SSH Probing...

Jon Carnes jonc at nc.rr.com
Wed Mar 13 11:46:05 EST 2002


Your rules look good - though I prefer to use ":input DENY" as my default,
your 6th line down essentially does that... but only for tcp.

Jon
----- Original Message -----
From: "Greg Brown" <gregbrown at mindspring.com>
To: <trilug at trilug.org>
Sent: Wednesday, March 13, 2002 9:10 AM
Subject: Re: [TriLUG] SSH Probing...


> I'm still in learning mode when it comes to Linux and security but this talk
> of ssh attacks has alarmed me somewhat.  Would the following ipchains
> configuration be considered "secure" in most cases (eth1 connects to the
> cable modem and eth0 is the "inside" network interface)?
>
> :input ACCEPT
> :forward ACCEPT
> :output ACCEPT
> -A forward -s 10.0.0.0/255.0.0.0 -d 0.0.0.0/0.0.0.0 -i eth1 -j MASQ
> -A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 22:22 -p 6 -j ACCEPT
> -A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 80:80 -p 6 -j ACCEPT
> -A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 21:21 -p 6 -j ACCEPT
> -A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -i eth1 -p 6 -j DENY -y
> -A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 25:25 -i eth0 -p 6 -j ACCEPT
> -A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 465:465 -i eth0 -p 6 -j ACCEPT
> -A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -i eth0 -p 6 -j DENY -y
>
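
The default-policy point in the reply above, as an added example that is not part of either message: a small Python evaluator that walks the quoted input chain in order (first match wins) and reports which rule, or the chain policy, decides each packet. The packets and the helper names `parse` and `verdict` are constructed for illustration; address matching is left out because every quoted rule uses 0.0.0.0/0.

```python
# Added example: input-chain rules and policy copied from the quoted message.
POLICY = "ACCEPT"
ANY = "-s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0"
RULES = [
    f"-A input {ANY} 22:22 -p 6 -j ACCEPT",
    f"-A input {ANY} 80:80 -p 6 -j ACCEPT",
    f"-A input {ANY} 21:21 -p 6 -j ACCEPT",
    f"-A input {ANY} -i eth1 -p 6 -j DENY -y",
    f"-A input {ANY} 25:25 -i eth0 -p 6 -j ACCEPT",
    f"-A input {ANY} 465:465 -i eth0 -p 6 -j ACCEPT",
    f"-A input {ANY} -i eth0 -p 6 -j DENY -y",
]

def parse(line):
    """Turn one ipchains-save style line into a dict of match fields."""
    tok = line.split()
    rule = {"iface": None, "proto": None, "dport": None, "syn": "-y" in tok}
    for i, t in enumerate(tok):
        if t == "-i":
            rule["iface"] = tok[i + 1]
        elif t == "-p":
            rule["proto"] = int(tok[i + 1])   # 6 = TCP, 17 = UDP, 1 = ICMP
        elif t == "-j":
            rule["target"] = tok[i + 1]
        elif t == "-d" and ":" in tok[i + 2]:  # optional lo:hi port after address
            lo, hi = tok[i + 2].split(":")
            rule["dport"] = (int(lo), int(hi))
    return rule

def verdict(pkt, policy=POLICY):
    """Return (target, rule number), or (policy, None) if no rule matched."""
    for n, r in enumerate(map(parse, RULES), 1):
        lo, hi = r["dport"] or (0, 65535)
        if (r["iface"] in (None, pkt["iface"])
                and r["proto"] in (None, pkt["proto"])
                and lo <= pkt.get("dport", 0) <= hi
                and (not r["syn"] or pkt.get("syn", False))):  # -y: SYN only
            return r["target"], n
    return policy, None

PACKETS = {  # constructed sample packets arriving on eth1 (cable-modem side)
    "tcp syn :22": {"iface": "eth1", "proto": 6, "dport": 22, "syn": True},
    "tcp syn :3306": {"iface": "eth1", "proto": 6, "dport": 3306, "syn": True},
    "udp :53": {"iface": "eth1", "proto": 17, "dport": 53},
    "icmp": {"iface": "eth1", "proto": 1},
}

if __name__ == "__main__":
    for name, pkt in PACKETS.items():
        print(f"{name:14} posted: {verdict(pkt)}  :input DENY: {verdict(pkt, 'DENY')}")
```

With the posted policy, the UDP and ICMP packets match no rule and are decided by `:input ACCEPT`; passing `'DENY'` as the policy shows the same packets dropped while the explicit TCP accepts still apply.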
