Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Tue 22 Jul 2014, 13:38
All times are UTC - 4
 Forum index » House Training » Users ( For the regulars )
Configuring firewall to block an IP address.
Moderators: Flash, Ian, JohnMurga
Post new topic   Reply to topic View previous topic :: View next topic
Page 1 of 1 [9 Posts]  
Author Message
AdrianH

Joined: 17 Oct 2013
Posts: 54
Location: Blackburn in the UK

PostPosted: Sat 09 Nov 2013, 07:30    Post subject:  Configuring firewall to block an IP address.
Subject description: Stop chinese hacker 218.28.24.238
 

My puppy pc sits behind a router on the internal network but has 3 ports open to the world
port 22 for ssh and 2 for audio streams.

I saw the network leds flashing a lot the other night and did some investigations and finally used netstat -tp to show connections to my puppy pc to find 3 ssh connections established from 218.28.24.238.

So I have run up the firewall and have added a few things in to what I saw was a line to block IP ranges.

So at present I have:

PERMIT="22/tcp 8000-8001/tcp 192.168.1.0/24"

INTERNAL_INTERFACES=""

BLACKLIST="218.28.0.0/16 218.29.0.0/16"

To get to this stage took this learner hours so should I have anything else set, have I got it correct?

Cheers

Adrian
Back to top
View user's profile Send private message 
mikeb


Joined: 23 Nov 2006
Posts: 8023

PostPosted: Sat 09 Nov 2013, 07:56    Post subject:  

cheeky....

You have a strong password for puppy? He can try but he still has to get through that. Might be worth creating a user if your monitor can be run like that. (su --login would give you root again though I suppose that brings you back to the first point.

Another thought might be to change the ssh port away from the standard one.

My router lets you set the WAN addresses permitted to open ports... and you are using fixed ip/dyndns so should be useable...ie you only allow your remote access and no one else.

mike
Back to top
View user's profile Send private message 
AdrianH

Joined: 17 Oct 2013
Posts: 54
Location: Blackburn in the UK

PostPosted: Sat 09 Nov 2013, 08:24    Post subject:  

my password for puppy certainly went up a notch!

I appreciate that just having a connection to the pc did not mean they had access, but they can sod off.

I was just thinking of what I am trying to do and as such I doubt I would ever be in China to access the PC hence I thought to just block off massive blocks. If I get another connection and it turned out to be another country I would now just do the same.

As you suggest I could map ports differently is use some obscure port and map it to 22 on the puppy just not sure about say using, ssh root@puppy:54321 if it would work.


Cheers

Adrian
Back to top
View user's profile Send private message 
mikeb


Joined: 23 Nov 2006
Posts: 8023

PostPosted: Sat 09 Nov 2013, 09:12    Post subject:  

ssh -p 3456 blah ... looks like the syntax.
sshd -p 3456 blah...

Still think set router for your access only would be a good move.

I remember a fresh install of windows 2k had a trojan in 2 minutes of first connecting with a modem which came via port 135 (RPC) .... common ports are always targetted so moving the goalpost is usually a good idea. By the way a hack of rpcss fixed that hole Smile but routers solve the problem (and netbios/samba holes) with having a built in firewall.

mike
Back to top
View user's profile Send private message 
Flash
Official Dog Handler


Joined: 04 May 2005
Posts: 10927
Location: Arizona USA

PostPosted: Sat 09 Nov 2013, 09:15    Post subject:  

Do you know about Shields Up! for testing your operating system, browser, router and firewall security settings?

https://www.grc.com/ShieldsUp!

(For some reason, the forum software doesn't recognize that as a legitimate URL, but I tested it and it is. You'll have to copy it and paste it into your browser's address window. Sorry for the inconvenience. Rolling Eyes )
Back to top
View user's profile Send private message 
tallboy


Joined: 21 Sep 2010
Posts: 438
Location: Oslo, Norway

PostPosted: Sat 16 Nov 2013, 22:58    Post subject:  

Thank you for the link, Flash. I run a ZTE MF636 USB modem, and is given a new IP every time I log in.
Unless theyShieldsUP company is just a front for the chinese gov. hacking dept., the test report made me feel a bit safer:

tallboy
ip-test.jpg
 Description   
 Filesize   19.58 KB
 Viewed   189 Time(s)

ip-test.jpg


_________________
True freedom is a live Puppy on a multisession CD/DVD.
Back to top
View user's profile Send private message 
mikeb


Joined: 23 Nov 2006
Posts: 8023

PostPosted: Sun 17 Nov 2013, 08:05    Post subject:  

What about those Norweigen gov hacking depts Wink .

SSH port is a common target from anywhere because of what can be done if someone can crack the password (that's it...nothing else to do) ... its a bit like putting up a sign saying 'please come and get me' in neon hence has to be handled extra carefully.

mike
Back to top
View user's profile Send private message 
AdrianH

Joined: 17 Oct 2013
Posts: 54
Location: Blackburn in the UK

PostPosted: Sun 17 Nov 2013, 11:47    Post subject:  

mikeb wrote:
ssh -p 3456 blah ... looks like the syntax.
sshd -p 3456 blah...

Still think set router for your access only would be a good move.

mike


Would be easy if I always had the same ip address but not always the case.

No matter!

Adrian
Back to top
View user's profile Send private message 
mikeb


Joined: 23 Nov 2006
Posts: 8023

PostPosted: Sun 17 Nov 2013, 12:56    Post subject:  

Hmm indeed... well pehaps limited to uk or that range you bought... or is that looking at things from the wrong end Very Happy

mike
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 1 of 1 [9 Posts]  
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » House Training » Users ( For the regulars )
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0676s ][ Queries: 13 (0.0138s) ][ GZIP on ]