Send a bad ip connection back to himself

Kernels & Hardware, configuring network, installing services

Re: Send a bad ip connection back to himself

Postby acewiza » 2017-05-16 12:32

A good troubleshooting step might be to drop one source you are presently concerned with. No need to send anything anywhere or otherwise muddy the water. Then see what, if anything, breaks on your end. This should at least suggest to you whether the traffic you seem to be concerned with is legitimate, anomalous, or (unlikely) nefarious.
acewiza
 
Posts: 186
Joined: 2013-05-28 12:38
Location: Out West

Re: Send a bad ip connection back to himself

Postby reinob » 2017-05-16 18:52

Frenki wrote: Still I'm searching for a way to totally block connections, not filter them with a firewall.
Basically just like the route command rejecting a host by IP,
but I'd like to allow a host by IP and make a route command reject all the others.
Can't seem to find that, since it's hard for me to formulate what I'd like to achieve in a search engine.
If I search, all I get is IPTABLES.
Yet IPTABLES means they already connected to the server and then face the firewall.
I don't want them even to reach the firewall, since I know what is allowed to come in.
I'm not sure if what I want is possible, though, but I'm certain that if I can use route to reject one connection,
it almost must be possible to reject all except 1 or more defined IPs.


Hmm.. I'm not sure you've understood how a firewall works. Basically, it does exactly what you want :)
You get to decide whether a packet is REJECTed or DROPped. In both cases, your server will see the initial connection attempt (SYN), but the connection will not be established.

You can't just reject a connection before it's even attempted!
reinob
 
Posts: 491
Joined: 2014-06-30 11:42

Re: Send a bad ip connection back to himself

Postby Frenki » 2017-05-16 22:32

reinob wrote:
Frenki wrote: Still I'm searching for a way to totally block connections, not filter them with a firewall.
Basically just like the route command rejecting a host by IP,
but I'd like to allow a host by IP and make a route command reject all the others.
Can't seem to find that, since it's hard for me to formulate what I'd like to achieve in a search engine.
If I search, all I get is IPTABLES.
Yet IPTABLES means they already connected to the server and then face the firewall.
I don't want them even to reach the firewall, since I know what is allowed to come in.
I'm not sure if what I want is possible, though, but I'm certain that if I can use route to reject one connection,
it almost must be possible to reject all except 1 or more defined IPs.


Hmm.. I'm not sure you've understood how a firewall works. Basically, it does exactly what you want :)
You get to decide whether a packet is REJECTed or DROPped. In both cases, your server will see the initial connection attempt (SYN), but the connection will not be established.

You can't just reject a connection before it's even attempted!


Okay, actually I do understand how firewalls work :D
I'm just trying to achieve this without using 2 servers.
If I use 2 servers I can do what I want:
use one server in front of the other, which acts like a router.
If the connection is allowed, then the routing server sends the connection to the actual server.
I just wanted to know if this is possible by just using one server that is connected to the internet directly.
Frenki
 
Posts: 9
Joined: 2017-05-13 06:29

Re: Send a bad ip connection back to himself

Postby debiman » 2017-05-17 05:35

reinob wrote:Hmm.. I'm not sure you've understood how a firewall works. Basically, it does exactly what you want :)

I was going to say the same but didn't feel competent enough to say it. :oops:

It seems to me Frenki actually WANTS these "bad ip connections", because it's a cool opportunity to learn things.
fine.

if not, they should still use something fairly simple like fail2ban AND configure their firewall properly.
debiman
 
Posts: 974
Joined: 2013-03-12 07:18

Re: Send a bad ip connection back to himself

Postby reinob » 2017-05-17 17:38

Frenki wrote: Okay, actually I do understand how firewalls work :D
I'm just trying to achieve this without using 2 servers.
If I use 2 servers I can do what I want:
use one server in front of the other, which acts like a router.
If the connection is allowed, then the routing server sends the connection to the actual server.
I just wanted to know if this is possible by just using one server that is connected to the internet directly.


A firewall is just some software running on a computer (you can call it "server" if you like).
It will only ever see a packet, i.e. decide on whether to allow, reject or mangle it, once the packet has reached the server.
You cannot prevent a computer from physically receiving the packet. If it's addressed to it, or to the broadcast address, or to a subscribed multicast address, or the network card is in promiscuous mode, the software (= firewall) will receive it and it will have to take a decision.

I have now the weirdest deja vu because today, at work, I actually wrote more or less what I've written here, which is kinda spooky.
reinob
 
Posts: 491
Joined: 2014-06-30 11:42

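reinob's two replies above make the same point: the packet always reaches the host, and the firewall only decides what happens next. The following is an added example, not code from any poster in this thread; the helper name allowlist_rules and the two 203.0.113.x / 198.51.100.x source addresses are constructed for illustration. It prints an iptables INPUT policy that admits one TCP port from the listed sources and either DROPs (silently ignores the SYN) or REJECTs (answers with a TCP RST) everyone else.

```shell
#!/bin/sh
# Added example, not from the thread. Emits an iptables INPUT policy that
# admits one TCP port from listed source IPs only and discards the rest.
# "allowlist_rules" and its arguments are hypothetical names chosen here.
# The kernel still receives every packet; the last rule decides whether the
# SYN is silently dropped or answered with a TCP RST (REJECT).

# allowlist_rules <drop|reject> <port> <src_ip>...   -> prints the commands
allowlist_rules() {
    mode=$1
    port=$2
    shift 2
    case "$mode" in
        drop)   final='-j DROP' ;;
        reject) final='-j REJECT --reject-with tcp-reset' ;;
        *) echo "mode must be drop or reject" >&2; return 2 ;;
    esac
    # Loopback and already-established flows keep working for any source.
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # One ACCEPT per allowed source; first match wins, so these go first.
    for ip in "$@"; do
        echo "iptables -A INPUT -p tcp --dport $port -s $ip -j ACCEPT"
    done
    # Everyone else: the packet has already arrived, it just gets no session.
    echo "iptables -A INPUT -p tcp --dport $port $final"
}

# Example: SSH only from two constructed (documentation-range) addresses.
# Review the output, then pipe it to "sh" as root to apply.
allowlist_rules drop 22 203.0.113.5 198.51.100.7
```

With "drop" a blocked client sees a connect timeout; with "reject" it sees "connection refused" immediately, which is the only difference visible from the outside.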
Re: Send a bad ip connection back to himself

Postby GarryRicketson » 2017-05-18 23:14

Frenki wrote:
GarryRicketson wrote:
Frenki wrote:
I don't use Denyhost /fail2ban----snip .


Thanks for the information about Honey pot and Tar pit.
These I will definitely look into :D
Since I'm sure this is something I'd like to do with my learning VPS server.

I've been using pentesting platforms like backtrack and Kali.
So this is really stuff which interests me a lot.

I'm a guy who has passion in learning programming and networking.
So these 2 terms you gave are definitely added to my todo list for digging into!
Again thanks a lot m8. Cheers! 8)


You should try "fail2ban",.. and also
there is this package for Debian as well :
https://packages.debian.org/jessie/xtables-addons-dkms
and
https://sysadminblog.net/2013/08/debian-iptables-tarpit/
GarryRicketson
 
Posts: 3870
Joined: 2015-01-20 22:16
Location: Durango, Mexico
