#1  
Old 27th March 2009, 17:10
AdrianSmithUK AdrianSmithUK is offline
Junior Member
 
Join Date: Mar 2009
Posts: 14
Thanks: 1
Thanked 0 Times in 0 Posts
Default Firewall - How does it work?

Hi

Hackers have been trying to find their way into my server and I decided to switch on the firewall. The only problem is that I can't find much in the way of documentation as to what it does.

- Can it stop flood attacks?
- Does it deny service to rapid requests?
- If it blocks somebody, does it do it for ever, 24 hours, 1 hour ...etc?
- Does it block all unused ports?
- etc

In short - does anybody know where there is a specification or a description of how it works? More info on the monotoring system would also be useful (ie What does it do and an example of how to use it?)

Kind Regards,

Adrian Smith
Reply With Quote
Sponsored Links
  #2  
Old 27th March 2009, 21:45
robilaur robilaur is offline
Member
 
Join Date: Sep 2007
Location: Romania
Posts: 86
Thanks: 4
Thanked 12 Times in 9 Posts
Send a message via Yahoo to robilaur
Default

Well in my opinion.... Isp firewall doesnt do mutch except filter some ports..... the real deal is with fail2ban and denyhost... if u configure this 2 properly you whont have problems... i`ve been working on this matter for the past 3 days... so... u need to modify this config
Code:
/etc/fail2ban/fail2ban.conf
and set the max retry to 3 ( if the attaker fails to login from 3 attemps gets baned) , Set bantime to -1 (this means it will be a definete ban (until u restart fail2ban)) configure postfix and proftp option so they dont attack your ftp. and thats about it... u can look for denyhost conf also and try to make some ajustments there also... i made some but dont really remember what. Oh... and another thing is to change you ssh port from 22 to something else.... most hacker this day use a password tryer scaner...( they conect by default to ssh 22 and they try a lots of passwords...) oh... and keep your server up to date... If u whant to ban an IP .... just insert it in /etc/host.deny and restart hostdeny... i think thats permanent.

Hope it helps...
__________________
Best Regards,

Robert
Reply With Quote
The Following User Says Thank You to robilaur For This Useful Post:
AdrianSmithUK (28th March 2009)
  #3  
Old 28th March 2009, 09:29
AdrianSmithUK AdrianSmithUK is offline
Junior Member
 
Join Date: Mar 2009
Posts: 14
Thanks: 1
Thanked 0 Times in 0 Posts
Default Many Thanks

Many thanks Robilaur.

Your message is very helpful.

Kind Regards,

Adrian Smith
London
Reply With Quote
  #4  
Old 28th March 2009, 11:05
AdrianSmithUK AdrianSmithUK is offline
Junior Member
 
Join Date: Mar 2009
Posts: 14
Thanks: 1
Thanked 0 Times in 0 Posts
Default

For anybody finding this thread and wanting to install DenyHosts there is an excellent tutorial here:

http://www.linickx.com/archives/270/...-force-attacks

Regards,
Reply With Quote
  #5  
Old 29th March 2009, 10:05
AdrianSmithUK AdrianSmithUK is offline
Junior Member
 
Join Date: Mar 2009
Posts: 14
Thanks: 1
Thanked 0 Times in 0 Posts
 
Default More Tutorials

Apologies to HowtoForge:

Here are two excellent tutorials on:

DenyHosts

http://www.howtoforge.com/preventing...with_denyhosts

fail2ban

http://www.howtoforge.com/fail2ban_debian_etch
Reply With Quote
Reply

Bookmarks

Tags
firewall

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
High Availability (Load Balancing) behind a firewall geek.de.nz Server Operation 7 4th January 2011 13:58
Running customised firewall script -RHEL 4 sud.tech Technical 0 12th June 2008 15:17
firewall scripts error in RHEL 4 sud.tech Technical 1 6th June 2008 11:22
ISP Services firewall page ustoopia Feature Requests 2 17th July 2007 18:39
I need a suitable firewall. agul Server Operation 4 23rd November 2005 00:12


All times are GMT +2. The time now is 18:22.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.