Blocking incoming packets

Post by NuncEstBibendu » Fri, 29 Nov 2002 00:22:22



I would be interested to put something in place
that rejects incoming packets that meet the following two
conditions:

        1) They must be coming from IP addresses that
have no corresponding name. I.e. when one tries nslookup
or dig on such IP addresses, only the numerical addresses
themselves are returned.

        2) They are to be rejected only when they are
meant for specific services, like, say, ftp or telnet.

        Is this feasible? Maybe with iptables, or is
iptables below the level I am interested in?


Blocking incoming packets

Post by bens » Fri, 29 Nov 2002 01:36:47


[Wed, 27 Nov 2002 07:22:22 +0000] quoth NuncEstBibendum:

>    1) They must be coming from IP addresses that
> have no corresponding name. I.e. when one tries nslookup
> or dig on such IP addresses, only the numerical addresses
> themselves are returned.

  I don't know any software that would do this, but then again I can't think
  of any reason you would want to do this. There are many reasons why
  reverse lookups fail.

>    2) They are to be rejected only when they are
> meant for specific services, like, say, ftp or telnet.

  Iptables can do this.
  B


Blocking incoming packets

Post by goRegga » Fri, 29 Nov 2002 05:33:34


sorry, only a test!

> I would be interested to put something in place
> that rejects incoming packets that meet the following two
> conditions:

> 1) They must be coming from IP addresses that
> have no corresponding name. I.e. when one tries nslookup
> or dig on such IP addresses, only the numerical addresses
> themselves are returned.

> 2) They are to be rejected only when they are
> meant for specific services, like, say, ftp or telnet.

> Is this feasible? Maybe with iptables, or is
> iptables below the level I am interested in?


Blocking incoming packets

Post by David Efflan » Fri, 29 Nov 2002 12:00:50



> I would be interested to put something in place
> that rejects incoming packets that meet the following two
> conditions:

>    1) They must be coming from IP addresses that
> have no corresponding name. I.e. when one tries nslookup
> or dig on such IP addresses, only the numerical addresses
> themselves are returned.

>    2) They are to be rejected only when they are
> meant for specific services, like, say, ftp or telnet.

>    Is this feasible? Maybe with iptables, or is
> iptables below the level I am interested in?

man 5 hosts_access
At least for daemons that use tcpwrappers.
Just let in what you specifically want to let in and deny everything else.

For example /etc/hosts.allow

in.ftpd: ALL EXCEPT UNKNOWN
sshd: ALL EXCEPT UNKNOWN
# some valid smtp servers do not resolve
sendmail: ALL
in.identd: ALL
# following only if all LAN users are trusted
# otherwise be more specific
ALL: LOCAL 192.168.

hosts.deny should have ALL: ALL

I use a hardware broadband gateway that just lets in uninitiated
connections for ssh, smtp and http (and triggers incoming ident port 113
for any outgoing smtp).  Connections to sshd are restricted to specific
hosts or IP ranges by hosts.allow and sshd is configured to accept keys
only (not passwords).  Sendmail was tested for anti-relaying.  Apache is
configured with a default worm catching vhost that dead ends and logs
separately if the Host header does not match one of the other set vhosts
(apache does not use tcpwrappers).

--
David Efflandt - All spam ignored  http://www.de-srv.com/
http://www.autox.chicago.il.us/  http://www.berniesfloral.net/
http://cgi-help.virtualave.net/  http://hammer.prohosting.com/~cgi-wiz/
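An added example (not from the post or from tcp_wrappers itself) that models how hosts_access(5) would evaluate the hosts.allow/hosts.deny rules quoted above; the constructed clients and the convention hostname=None for a failed reverse lookup (the UNKNOWN case the original question asks about) are assumptions of this example, and the PARANOID forward-lookup check is left out.

```python
# Added example: a small model of tcp_wrappers' hosts_access(5) decision
# for the rules in the post above. Reverse-DNS results are passed in as
# constructed values (hostname=None means the lookup failed, i.e. the
# client is UNKNOWN), so nothing touches the network.

# Rules from the post, in file order: (daemon_list, client_list).
HOSTS_ALLOW = [
    ("in.ftpd", "ALL EXCEPT UNKNOWN"),
    ("sshd", "ALL EXCEPT UNKNOWN"),
    ("sendmail", "ALL"),
    ("in.identd", "ALL"),
    ("ALL", "LOCAL 192.168."),
]
HOSTS_DENY = [("ALL", "ALL")]


def client_matches(pattern, addr, hostname):
    """Match one client pattern against the address and reverse-DNS result."""
    if pattern == "ALL":
        return True
    if pattern == "UNKNOWN":
        return hostname is None
    if pattern == "KNOWN":
        return hostname is not None
    if pattern == "LOCAL":  # a hostname without a dot
        return hostname is not None and "." not in hostname
    if pattern.endswith("."):  # address prefix such as 192.168.
        return addr.startswith(pattern)
    if pattern.startswith("."):  # domain suffix such as .example.org
        return hostname is not None and hostname.endswith(pattern)
    return addr == pattern or hostname == pattern


def list_matches(spec, match):
    """Evaluate 'a b EXCEPT c d' (EXCEPT may nest, as in hosts_access(5))."""
    head, _, rest = spec.partition(" EXCEPT ")
    if not any(match(p) for p in head.split()):
        return False
    return not rest or not list_matches(rest, match)


def access_granted(daemon, addr, hostname):
    """First matching rule wins: hosts.allow, then hosts.deny, else allow."""
    for table, verdict in ((HOSTS_ALLOW, True), (HOSTS_DENY, False)):
        for daemons, clients in table:
            if (list_matches(daemons, lambda p: p in ("ALL", daemon))
                    and list_matches(clients, lambda p: client_matches(p, addr, hostname))):
                return verdict
    return True
```

Note that a client without reverse DNS is still let in to sendmail but refused by in.ftpd and sshd, while a 192.168. address reaches every daemon regardless of its name, which is exactly the split the post's comments describe.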


Blocking incoming packets

Post by David Schwart » Fri, 29 Nov 2002 13:39:53



> man 5 hosts_access
> At least for daemons that use tcpwrappers.
> Just let in what you specifically want to let in and deny everything else.

        Or if you're using a recent version of RedHat Linux, read up on how
xinetd works. But without knowing how you launch those services, we
can't really help you.

        DS


Blocking incoming packets

Post by NuncEstBibendu » Mon, 02 Dec 2002 02:40:55


Thanks for your suggestions. Unfortunately, this
seems to work only for those daemons that are under the
aegis of the TCP wrappers. I am looking for something
at a lower level than that - hence my enquiry about
iptables.


>> man 5 hosts_access
>> At least for daemons that use tcpwrappers. Just let in what you
>> specifically want to let in and deny everything else.

>    Or if you're using a recent version of RedHat Linux, read up on how
> xinetd works. But without knowing how you launch those services, we
> can't really help you.

>    DS


Blocking incoming packets

Post by David Schwart » Mon, 02 Dec 2002 09:35:53



> Thanks for your suggestions. Unfortunately, this
> seems to work only for those daemons that are under the
> aegis of the TCP wrappers. I am looking for something
> at a lower level than that - hence my enquiry about
> iptables.

        No, this has nothing to do with TCP wrappers. This affects those
daemons launched from xinetd. I don't believe there's any other sensible
way to do it.

        DS
