HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Installation/Configuration (http://www.howtoforge.com/forums/forumdisplay.php?f=27)
-   -   Firewall - How does it work? (http://www.howtoforge.com/forums/showthread.php?t=32961)

AdrianSmithUK 27th March 2009 17:10

Firewall - How does it work?
 
Hi

Hackers have been trying to find their way into my server and I decided to switch on the firewall. The only problem is that I can't find much in the way of documentation as to what it does.

- Can it stop flood attacks?
- Does it deny service to rapid requests?
- If it blocks somebody, does it do it for ever, 24 hours, 1 hour ...etc?
- Does it block all unused ports?
- etc

In short - does anybody know where there is a specification or a description of how it works? More info on the monotoring system would also be useful (ie What does it do and an example of how to use it?)

Kind Regards,

Adrian Smith

robilaur 27th March 2009 21:45

Well in my opinion.... Isp firewall doesnt do mutch except filter some ports..... the real deal is with fail2ban and denyhost... if u configure this 2 properly you whont have problems... i`ve been working on this matter for the past 3 days... so... u need to modify this config
Code:

/etc/fail2ban/fail2ban.conf
and set the max retry to 3 ( if the attaker fails to login from 3 attemps gets baned) , Set bantime to -1 (this means it will be a definete ban (until u restart fail2ban)) configure postfix and proftp option so they dont attack your ftp. and thats about it... u can look for denyhost conf also and try to make some ajustments there also... i made some but dont really remember what. Oh... and another thing is to change you ssh port from 22 to something else.... most hacker this day use a password tryer scaner...( they conect by default to ssh 22 and they try a lots of passwords...) oh... and keep your server up to date... If u whant to ban an IP .... just insert it in /etc/host.deny and restart hostdeny... i think thats permanent.

Hope it helps...

AdrianSmithUK 28th March 2009 09:29

Many Thanks
 
Many thanks Robilaur.

Your message is very helpful.

Kind Regards,

Adrian Smith
London

AdrianSmithUK 28th March 2009 11:05

For anybody finding this thread and wanting to install DenyHosts there is an excellent tutorial here:

http://www.linickx.com/archives/270/...-force-attacks

Regards,

AdrianSmithUK 29th March 2009 10:05

More Tutorials
 
Apologies to HowtoForge:

Here are two excellent tutorials on:

DenyHosts

http://www.howtoforge.com/preventing...with_denyhosts

fail2ban

http://www.howtoforge.com/fail2ban_debian_etch


All times are GMT +2. The time now is 17:57.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.