Send a bad ip connection back to himself

Linux Kernel, Network, and Services configuration.
acewiza
Posts: 357
Joined: 2013-05-28 12:38
Location: Out West

Re: Send a bad ip connection back to himself

#16 Post by acewiza »

A good troubleshooting step might be to drop one source you are presently concerned with. No need to send anything anywhere or otherwise muddy the water. Then see what, if anything, breaks on your end. This should at least suggest to you if the traffic you seem to be concerned with is either legitimate, anomalous, or (unlikely) nefarious.
Nobody would ever ask questions if everyone possessed encyclopedic knowledge of the man pages.

reinob
Posts: 1189
Joined: 2014-06-30 11:42
Has thanked: 97 times
Been thanked: 47 times

Re: Send a bad ip connection back to himself

#17 Post by reinob »

Frenki wrote: Still I'm searching for a way to totally block connections, not filter them with a firewall.
Basically just like the route command rejecting a host by IP,
but I'd like to allow a host by IP and make a route command to reject all the others.
Can't seem to find that since it's hard for me to formulate what I'd like to achieve in a search engine.
If I search, all I get is IPTABLES.
Yet IPTABLES means they already connected to the server and then face the firewall.
I don't want them even to reach the firewall, since I know what is allowed to come in.
I'm not sure if what I want is possible though, but I'm certain that if I can use route to reject one connection,
it almost must be possible to reject all except 1 or more defined IPs.

Hmm.. I'm not sure you've understood how a firewall works. Basically, it does exactly what you want :)
You get to decide whether a packet is REJECTed or DROPped. In both cases, your server will see the initial connection attempt (SYN), but the connection will not be established.

You can't just reject a connection before it's even attempted!

Frenki
Posts: 9
Joined: 2017-05-13 06:29

Re: Send a bad ip connection back to himself

#18 Post by Frenki »

reinob wrote:
Frenki wrote: Still I'm searching for a way to totally block connections, not filter them with a firewall.
Basically just like the route command rejecting a host by IP,
but I'd like to allow a host by IP and make a route command to reject all the others.
Can't seem to find that since it's hard for me to formulate what I'd like to achieve in a search engine.
If I search, all I get is IPTABLES.
Yet IPTABLES means they already connected to the server and then face the firewall.
I don't want them even to reach the firewall, since I know what is allowed to come in.
I'm not sure if what I want is possible though, but I'm certain that if I can use route to reject one connection,
it almost must be possible to reject all except 1 or more defined IPs.

Hmm.. I'm not sure you've understood how a firewall works. Basically, it does exactly what you want :)
You get to decide whether a packet is REJECTed or DROPped. In both cases, your server will see the initial connection attempt (SYN), but the connection will not be established.

You can't just reject a connection before it's even attempted!

Okay, actually I do understand how firewalls work :D
I'm just trying to achieve this without using 2 servers.
If I use 2 servers I can do what I want.
Use one server in front of the other which acts like a router.
If the connection is allowed then the routing server sends the connection to the actual server.
I just wanted to know if this is possible by just using one server which is connected to the internet directly.

debiman
Posts: 3063
Joined: 2013-03-12 07:18

Re: Send a bad ip connection back to himself

#19 Post by debiman »

reinob wrote: Hmm.. I'm not sure you've understood how a firewall works. Basically, it does exactly what you want :)

i was going to say the same but didn't feel competent enough to say it. :oops:

it seems to me Frenki actually WANTS these "bad ip connections", because it's a cool opportunity to learn things.
fine.

if not, they should still use something fairly simple like fail2ban AND configure their firewall properly.

reinob
Posts: 1189
Joined: 2014-06-30 11:42
Has thanked: 97 times
Been thanked: 47 times

Re: Send a bad ip connection back to himself

#20 Post by reinob »

Frenki wrote: Okay, actually I do understand how firewalls work :D
I'm just trying to achieve this without using 2 servers.
If I use 2 servers I can do what I want.
Use one server in front of the other which acts like a router.
If the connection is allowed then the routing server sends the connection to the actual server.
I just wanted to know if this is possible by just using one server which is connected to the internet directly.

A firewall is just some software running on a computer (you can call it "server" if you like).
It will only ever see a packet, i.e. decide on whether to allow, reject or mangle it, once the packet has reached the server.
You cannot prevent a computer from physically receiving the packet. If it's addressed to it, or to the broadcast address, or to a subscribed multicast address, or the network card is in promiscuous mode, the software (= firewall) will receive it and it will have to take a decision.

I have now the weirdest deja vu because today, at work, I actually wrote more or less what I've written here, which is kinda spooky.
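
The "allow a host by IP and reject all the others" setup asked about in this thread is a default-deny INPUT policy; as the post above explains, the packets still arrive at the host and the ruleset only decides whether they are DROPped or REJECTed. The following is an added example, not part of any post in this thread: the function names and the sample address are constructed, and the printed ruleset is in `iptables-restore` format.

```sh
# Added example: print an iptables-restore ruleset that admits only the
# listed IPv4 sources. Function names and addresses are constructed here.

is_ipv4() {
    # Dotted quad, each octet 0-255.
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for octet in $(printf '%s' "$1" | tr '.' ' '); do
        [ "$octet" -le 255 ] || return 1
    done
}

# build_allowlist MODE IP [IP...]   MODE is DROP (silent) or REJECT (TCP RST)
build_allowlist() {
    mode=$1
    [ "$#" -gt 0 ] && shift
    case $mode in
        DROP)   refuse='-j DROP' ;;
        REJECT) refuse='-p tcp -j REJECT --reject-with tcp-reset' ;;
        *) echo "mode must be DROP or REJECT" >&2; return 2 ;;
    esac
    # Validate everything before printing, so a bad argument never yields
    # a partial ruleset, and an empty allow-list cannot lock the admin out.
    [ "$#" -gt 0 ] || { echo "no allowed source given" >&2; return 2; }
    for ip in "$@"; do
        is_ipv4 "$ip" || { echo "not an IPv4 address: $ip" >&2; return 2; }
    done
    echo '*filter'
    echo ':INPUT DROP [0:0]'      # default policy: anything unmatched is dropped
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    # Replies to connections this host opened itself must still get in.
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for ip in "$@"; do
        echo "-A INPUT -s $ip -j ACCEPT"
    done
    echo "-A INPUT $refuse"       # explicit refusal of everyone else
    echo 'COMMIT'
}

# Constructed sample (203.0.113.10 is a documentation address).
build_allowlist REJECT 203.0.113.10
```

Piping the output to `iptables-restore --test` (as root) parses the ruleset without committing it, which is worth doing before loading it on a remote machine.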

GarryRicketson
Posts: 5644
Joined: 2015-01-20 22:16
Location: Durango, Mexico

Re: Send a bad ip connection back to himself

#21 Post by GarryRicketson »

Frenki wrote:
GarryRicketson wrote:
Frenki wrote:
I don't use Denyhost /fail2ban----snip .
Thanks for the information about Honey pot and Tar pit.
These I will definitely look into :D
Since I'm sure this is somewhat I'd like to do with my learning VPS server.

I've been using pentesting platforms like backtrack and Kali.
So this is really stuff which interests me a lot.

I'm a guy who has passion in learning programming and networking.
So these 2 terms you gave are definitely added to my todo list for digging into!
Again thanks a lot m8. Cheers! 8)

You should try "fail2ban", and also
there is this package for Debian as well:
https://packages.debian.org/jessie/xtables-addons-dkms
and
https://sysadminblog.net/2013/08/debian ... es-tarpit/
