#12, 2nd May 2013, 19:56
DUCKFACE (Member; Join Date: Dec 2008; Location: Bulgaria; Posts: 92)

netstat -tap
Code:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 localhost:10024         *:*                     LISTEN      10288/amavisd-new (
tcp        0      0 localhost:10025         *:*                     LISTEN      10269/master
tcp        0      0 *:mysql                 *:*                     LISTEN      17841/mysqld
tcp        0      0 *:netbios-ssn           *:*                     LISTEN      1117/smbd
tcp        0      0 *:pop3                  *:*                     LISTEN      11242/dovecot
tcp        0      0 *:imap2                 *:*                     LISTEN      11242/dovecot
tcp        0      0 localhost:spamd         *:*                     LISTEN      2372/spamd.pid
tcp        0      0 *:sunrpc                *:*                     LISTEN      1155/rpcbind
tcp        0      0 *:webmin                *:*                     LISTEN      3669/perl
tcp        0      0 *:8181                  *:*                     LISTEN      9216/dansguardian
tcp        0      0 10.9.1.1:domain         *:*                     LISTEN      11341/named
tcp        0      0 10.8.0.1:domain         *:*                     LISTEN      11341/named
tcp        0      0 192.168.1.2:domain      *:*                     LISTEN      11341/named
tcp        0      0 localhost:domain        *:*                     LISTEN      11341/named
tcp        0      0 *:ftp                   *:*                     LISTEN      11319/pure-ftpd (SE
tcp        0      0 *:ssh                   *:*                     LISTEN      1425/sshd
tcp        0      0 localhost:3128          *:*                     LISTEN      1828/squid3
tcp        0      0 10.8.0.1:3128           *:*                     LISTEN      1828/squid3
tcp        0      0 localhost:953           *:*                     LISTEN      11341/named
tcp        0      0 *:smtp                  *:*                     LISTEN      10269/master
tcp        0      0 *:microsoft-ds          *:*                     LISTEN      1117/smbd
tcp        0      0 *:imaps                 *:*                     LISTEN      11242/dovecot
tcp        0      0 *:41602                 *:*                     LISTEN      1164/rpc.statd
tcp        0      0 *:pop3s                 *:*                     LISTEN      11242/dovecot
tcp        0      0 192.168.1.2:48133       c13020.dip.tu-dres:http TIME_WAIT   -
tcp        0      0 localhost:mysql         localhost:59180         ESTABLISHED 17841/mysqld
tcp        0      0 localhost:59078         localhost:mysql         ESTABLISHED 11222/amavisd-new (
tcp        0      0 localhost:59180         localhost:mysql         ESTABLISHED 11221/amavisd-new (
tcp        0   1220 192.168.1.2:ssh         212-233-136-95-pl:42978 ESTABLISHED 31007/sshd: nikolay
tcp        0      0 localhost:mysql         localhost:59078         ESTABLISHED 17841/mysqld
tcp6       0      0 [::]:netbios-ssn        [::]:*                  LISTEN      1117/smbd
tcp6       0      0 [::]:pop3               [::]:*                  LISTEN      11242/dovecot
tcp6       0      0 [::]:imap2              [::]:*                  LISTEN      11242/dovecot
tcp6       0      0 [::]:sunrpc             [::]:*                  LISTEN      1155/rpcbind
tcp6       0      0 [::]:http-alt           [::]:*                  LISTEN      11297/apache2
tcp6       0      0 [::]:http               [::]:*                  LISTEN      11297/apache2
tcp6       0      0 [::]:tproxy             [::]:*                  LISTEN      11297/apache2
tcp6       0      0 [::]:domain             [::]:*                  LISTEN      11341/named
tcp6       0      0 [::]:ftp                [::]:*                  LISTEN      11319/pure-ftpd (SE
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN      1425/sshd
tcp6       0      0 ip6-localhost:953       [::]:*                  LISTEN      11341/named
tcp6       0      0 [::]:smtp               [::]:*                  LISTEN      10269/master
tcp6       0      0 [::]:https              [::]:*                  LISTEN      11297/apache2
tcp6       0      0 [::]:microsoft-ds       [::]:*                  LISTEN      1117/smbd
tcp6       0      0 [::]:imaps              [::]:*                  LISTEN      11242/dovecot
tcp6       0      0 [::]:pop3s              [::]:*                  LISTEN      11242/dovecot
tcp6       0      0 [::]:56036              [::]:*                  LISTEN      1164/rpc.statd
and iptables -L
Code:
Chain INPUT (policy DROP)
target     prot opt source               destination
fail2ban-dovecot-pop3imap  tcp  --  anywhere             anywhere             multiport dports pop3,pop3s,imap2,imaps
fail2ban-pureftpd  tcp  --  anywhere             anywhere             multiport dports ftp
fail2ban-ssh  tcp  --  anywhere             anywhere             multiport dports ssh
IP_BAN     tcp  --  anywhere             anywhere             tcp
fail2ban-ssh  tcp  --  anywhere             anywhere             multiport dports ssh
fail2ban-squirrelmail  tcp  --  anywhere             anywhere             multiport dports http,https
DROP       tcp  --  anywhere             anywhere             tcpflags: SYN,RST/SYN,RST
SYNFLOOD   tcp  --  anywhere             anywhere             state NEW
DROP       tcp  --  anywhere             anywhere             tcpflags: FIN,SYN/FIN,SYN
DDoS       tcp  --  anywhere             anywhere             tcpflags: SYN,RST,ACK/SYN
DROP       tcp  --  anywhere             anywhere             tcpflags: FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG
ScanD      tcp  --  anywhere             anywhere             tcpflags: FIN,SYN,RST,PSH,ACK,URG/NONE
ScanD      tcp  --  anywhere             anywhere             tcpflags: FIN,SYN/FIN,SYN
ScanD      tcp  --  anywhere             anywhere             tcpflags: SYN,RST/SYN,RST
ScanD      tcp  --  anywhere             anywhere             tcpflags: FIN,RST/FIN,RST
ScanD      tcp  --  anywhere             anywhere             tcpflags: FIN,ACK/FIN
ScanD      tcp  --  anywhere             anywhere             tcpflags: PSH,ACK/PSH
ScanD      tcp  --  anywhere             anywhere             tcpflags: ACK,URG/URG
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
ACCEPT     udp  --  acacia.bilink.it     anywhere             udp dpt:ntp
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https
ACCEPT     udp  --  anywhere             anywhere             udp dpt:openvpn
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http-alt
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:8181
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:webmin
ACCEPT     udp  --  anywhere             anywhere             udp spt:domain dpts:1024:65535
DROP       tcp  --  anywhere             anywhere             tcpflags: FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
DROP       tcp  --  anywhere             anywhere             tcpflags: FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,ACK,URG
DROP       tcp  --  anywhere             anywhere             tcpflags: FIN,SYN,RST,PSH,ACK,URG/NONE
ACCEPT     tcp  --  anywhere             anywhere             tcpflags: ACK/ACK
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             state ESTABLISHED
ACCEPT     all  --  anywhere             anywhere             state RELATED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ftp
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:81
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:pop3
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:auth
ACCEPT     udp  --  anywhere             anywhere             udp dpt:ntp
ACCEPT     udp  --  anywhere             anywhere             udp dpt:netbios-ns
ACCEPT     udp  --  anywhere             anywhere             udp dpt:netbios-dgm
ACCEPT     udp  --  anywhere             anywhere             udp dpt:netbios-ssn
ACCEPT     udp  --  anywhere             anywhere             udp dpt:microsoft-ds
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:imaps
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:pop3s
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:3128
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http-alt
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:8181
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:webmin
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:auth

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain Banned (0 references)
target     prot opt source               destination
LOG        tcp  --  anywhere             anywhere             limit: avg 1/sec burst 5 LOG level info prefix "[TCP Banned] "
LOG        udp  --  anywhere             anywhere             limit: avg 1/sec burst 5 LOG level info prefix "[UDP Banned] "
LOG        icmp --  anywhere             anywhere             limit: avg 1/sec burst 5 LOG level info prefix "[ICMP Banned] "
LOG        all  -f  anywhere             anywhere             limit: avg 1/sec burst 5 LOG level info prefix "[FRAG Banned] "
DROP       all  --  anywhere             anywhere

Chain DDoS (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere             limit: avg 1/sec burst 10
LOG        all  --  anywhere             anywhere             LOG level warning prefix "[DOS Attack/SYN Scan?] "
DROP       all  --  anywhere             anywhere

Chain IANA (0 references)
target     prot opt source               destination
LOG        tcp  --  anywhere             anywhere             limit: avg 1/sec burst 5 LOG level info prefix "[IANA Reserved - TCP] "
LOG        udp  --  anywhere             anywhere             limit: avg 1/sec burst 5 LOG level info prefix "[IANA Reserved - UDP] "
LOG        icmp --  anywhere             anywhere             limit: avg 1/sec burst 5 LOG level info prefix "[IANA Reserved - ICMP] "
LOG        all  -f  anywhere             anywhere             limit: avg 1/sec burst 5 LOG level info prefix "[IANA Reserved - FRAG] "
DROP       all  --  anywhere             anywhere

Chain IP_BAN (1 references)
target     prot opt source               destination
DROP       all  --  unallocated.star.net.uk  anywhere
DROP       all  --  117.239.105.115      anywhere
DROP       all  --  64.34.253.100        anywhere
DROP       all  --  13-48-143-63.datacenter.lgvhost.com.br  anywhere
DROP       all  --  no-record-set.rijndata.nl  anywhere

Chain LnR (0 references)
target     prot opt source               destination
LOG        tcp  --  anywhere             anywhere             limit: avg 1/sec burst 5 LOG level info prefix "[TCP reject] "
LOG        udp  --  anywhere             anywhere             limit: avg 1/sec burst 5 LOG level info prefix "[UDP reject] "
LOG        icmp --  anywhere             anywhere             limit: avg 1/sec burst 5 LOG level info prefix "[ICMP reject] "
LOG        all  -f  anywhere             anywhere             limit: avg 1/sec burst 5 LOG level info prefix "[FRAG reject] "
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable

Chain SYNFLOOD (1 references)
target     prot opt source               destination
RETURN     tcp  --  anywhere             anywhere             limit: avg 1/sec burst 5 tcpflags: FIN,SYN,RST,ACK/SYN
REJECT     tcp  --  anywhere             anywhere             reject-with tcp-reset

Chain ScanD (7 references)
target     prot opt source               destination
LOG        tcp  --  anywhere             anywhere             limit: avg 1/sec burst 5 LOG level warning prefix "[TCP Scan?] "
LOG        udp  --  anywhere             anywhere             limit: avg 1/sec burst 5 LOG level warning prefix "[UDP Scan?] "
LOG        icmp --  anywhere             anywhere             limit: avg 1/sec burst 5 LOG level warning prefix "[ICMP Scan?] "
LOG        all  -f  anywhere             anywhere             limit: avg 1/sec burst 5 LOG level warning prefix "[FRAG Scan?] "
DROP       all  --  anywhere             anywhere

Chain fail2ban-dovecot-pop3imap (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-pureftpd (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-squirrelmail (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-ssh (2 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere
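Added here as an editor's example, not the poster's code: a Python cross-check of the two listings above that parses constructed excerpts of the quoted `netstat -tap` and `iptables -L` output, lists wildcard-bound listeners with no explicit ACCEPT in INPUT and the loopback-only ones, and flags any INPUT ACCEPT that plain `-L` prints without match criteria (an interface restriction such as `-i lo` only shows up with `-v`). It assumes both tools print service names from the same /etc/services, so ports are compared as printed.

```python
import re
# Constructed excerpt of the `netstat -tap` listing in the post above.
NETSTAT_SAMPLE = """\
tcp        0      0 localhost:10024         *:*                     LISTEN      10288/amavisd-new (
tcp        0      0 *:mysql                 *:*                     LISTEN      17841/mysqld
tcp        0      0 *:ssh                   *:*                     LISTEN      1425/sshd
tcp        0      0 localhost:mysql         localhost:59180         ESTABLISHED 17841/mysqld
tcp6       0      0 [::]:http               [::]:*                  LISTEN      11297/apache2
tcp6       0      0 [::]:56036              [::]:*                  LISTEN      1164/rpc.statd
"""
# Constructed excerpt of the `iptables -L` listing in the post above.
IPTABLES_SAMPLE = """\
Chain INPUT (policy DROP)
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
ACCEPT     all  --  anywhere             anywhere
Chain FORWARD (policy ACCEPT)
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:mysql
"""
WILDCARD = {"*", "0.0.0.0", "[::]", "::"}
LOOPBACK = {"localhost", "ip6-localhost", "127.0.0.1", "[::1]"}
def parse_listeners(text):
    """(bind_class, port, program) per LISTEN row; port kept as netstat printed it."""
    rows = []
    for line in text.splitlines():
        f = line.split(None, 6)  # the program field may itself contain spaces
        if len(f) == 7 and f[5] == "LISTEN":
            addr, port = f[3].rsplit(":", 1)
            cls = "wildcard" if addr in WILDCARD else "loopback" if addr in LOOPBACK else "specific"
            rows.append((cls, port, f[6].strip()))
    return rows
def input_accepts(text):
    """TCP dports ACCEPTed in INPUT, and whether some ACCEPT shows no match at all."""
    ports, unqualified, chain = set(), False, None
    for line in text.splitlines():
        f = line.split()
        if f[:1] == ["Chain"]:
            chain = f[1]
        elif chain == "INPUT" and f[:1] == ["ACCEPT"] and f[1] in ("tcp", "all"):
            m = re.search(r"\bdpt:(\S+)|\bdports (\S+)", line)
            if m:
                ports.update((m.group(1) or m.group(2)).split(","))
            elif len(f) == 5:  # plain -L hides -i/-o; confirm with iptables -L -v
                unqualified = True
    return ports, unqualified
def audit(netstat_text, iptables_text):
    accepted, unqualified = input_accepts(iptables_text)
    rows = parse_listeners(netstat_text)
    exposed = sorted(p for c, p, _ in rows if c == "wildcard" and p not in accepted)
    return exposed, sorted(p for c, p, _ in rows if c == "loopback"), unqualified
```

Feed `audit()` the saved output of the two commands; the unqualified-ACCEPT flag is the first thing to resolve with `iptables -L -v -n`, because that rule decides whether the wildcard listeners without their own ACCEPT are reachable at all.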