Send a bad ip connection back to himself
Re: Send a bad ip connection back to himself
A good troubleshooting step might be to drop one source you are presently concerned with. No need to send anything anywhere or otherwise muddy the water. Then see what, if anything, breaks on your end. This should at least suggest to you if the traffic you seem to be concerned with is either legitimate, anomalous, or (unlikely) nefarious.
Nobody would ever ask questions if everyone possessed encyclopedic knowledge of the man pages.
Re: Send a bad ip connection back to himself
Frenki wrote:
> Still I'm searching for a way to totally block connections not filter them with firewall.
> Basically just like the route command rejecting a host by ip
> but I'd like to allow a host by ip and make a route command to reject all the others.
> Can't seem to find that since it's hard for me to formulate what I'd like to achieve in a search engine.
> If I search all I get is IPTABLES.
> Yet IPTABLES means they already connected to the server and then face the firewall.
> I don't want them even to reach the firewall, since I know what is allowed to come in.
> I'm not sure if that what I want is possible though but I'm certain that if I can use route to reject one connection.
> It almost must be possible to reject all except 1 or more defined IPs

Hmm.. I'm not sure you've understood how a firewall works. Basically, it does exactly what you want :)
You get to decide whether a packet is REJECTed or DROPped. In both cases, your server will see the initial connection attempt (SYN), but the connection will not be established.
You can't just reject a connection before it's even attempted!
Re: Send a bad ip connection back to himself
reinob wrote:
> Frenki wrote:
> > Still I'm searching for a way to totally block connections not filter them with firewall.
> > Basically just like the route command rejecting a host by ip
> > but I'd like to allow a host by ip and make a route command to reject all the others.
> > Can't seem to find that since it's hard for me to formulate what I'd like to achieve in a search engine.
> > If I search all I get is IPTABLES.
> > Yet IPTABLES means they already connected to the server and then face the firewall.
> > I don't want them even to reach the firewall, since I know what is allowed to come in.
> > I'm not sure if that what I want is possible though but I'm certain that if I can use route to reject one connection.
> > It almost must be possible to reject all except 1 or more defined IPs
>
> Hmm.. I'm not sure you've understood how a firewall works. Basically, it does exactly what you want
> You get to decide whether a packet is REJECTed or DROPped. In both cases, your server will see the initial connection attempt (SYN), but the connection will not be established.
> You can't just reject a connection before it's even attempted!

Okay, actually I do understand how firewalls work
I'm just trying to achieve this without using 2 servers.
If I use 2 servers I can do that what I want.
Use one server in front of the other which acts like a router.
If the connection is allowed then the routing server sends the connection to the actual server.
I just wanted to know if this is possible by just using one server who is connected to the internet directly.
Re: Send a bad ip connection back to himself
reinob wrote:
> Hmm.. I'm not sure you've understood how a firewall works. Basically, it does exactly what you want

i was going to say the same but didn't feel competent enough to say it.
it seems to me Frenki actually WANTS these "bad ip connections", because it's a cool opportunity to learn things.
fine.
if not, they should still use something fairly simple like fail2ban AND configure their firewall properly.
Re: Send a bad ip connection back to himself
Frenki wrote:
> Okay, actually I do understand how firewalls work :D
> I'm just trying to achieve this without using 2 servers.
> If I use 2 servers I can do that what I want.
> Use one server in front of the other which acts like a router.
> If the connection is allowed then the routing server sends the connection to the actual server.
> I just wanted to know if this is possible by just using one server who is connected to the internet directly.

A firewall is just some software running on a computer (you can call it "server" if you like).
It will only ever see a packet, i.e. decide on whether to allow, reject or mangle it, once the packet has reached the server.
You cannot prevent a computer from physically receiving the packet. If it's addressed to it, or to the broadcast address, or to a subscribed multicast address, or the network card is in promiscuous mode, the software (= firewall) will receive it and it will have to take a decision.
I have now the weirdest deja vu because today, at work, I actually wrote more or less what I've written here, which is kinda spooky.
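The allow-one-address goal from this thread, written as an added example that is not from any poster: a generator for an `iptables-restore` ruleset whose INPUT chain accepts only listed sources and then either DROPs or REJECTs everything else, the two outcomes described above. The function names are hypothetical and the addresses are documentation-range placeholders.

```sh
#!/bin/sh
# Added example (not from the thread): build an iptables-restore ruleset that
# accepts only listed IPv4 sources. Function names are hypothetical.

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address on dots into $1..$4
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# gen_allowlist MODE IP...: print the ruleset; MODE is "drop" or "reject".
gen_allowlist() {
    mode=$1
    [ "$#" -ge 2 ] || { echo "usage: gen_allowlist drop|reject IP..." >&2; return 2; }
    shift
    case "$mode" in
        drop|reject) ;;
        *) echo "mode must be drop or reject" >&2; return 2 ;;
    esac
    for ip in "$@"; do
        is_ipv4 "$ip" || { echo "not an IPv4 address: $ip" >&2; return 2; }
    done
    echo '*filter'
    echo ':INPUT DROP [0:0]'       # default: silently drop what no rule accepts
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for ip in "$@"; do
        echo "-A INPUT -s $ip/32 -j ACCEPT"
    done
    if [ "$mode" = reject ]; then  # answer instead of staying silent
        echo '-A INPUT -p tcp -j REJECT --reject-with tcp-reset'
        echo '-A INPUT -j REJECT --reject-with icmp-port-unreachable'
    fi
    echo 'COMMIT'
}

# Syntax-check without applying (needs root):
#   gen_allowlist drop 203.0.113.10 | iptables-restore --test
```

The allow list has to include the address you administer the server from before the ruleset is loaded, otherwise the default DROP policy cuts off your own session.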
- GarryRicketson
Re: Send a bad ip connection back to himself
Frenki wrote:
> GarryRicketson wrote:
> > Frenki wrote:
> > > I don't use Denyhost /fail2ban----snip .
>
> Thanks for the information about Honey pot and Tar pit.
> These I will definitely look into
> Since I'm sure this is somewhat I'd like to do with my learning VPS server.
> I've been using pentesting platforms like backtrack and Kali.
> So this is really stuff which interests me a lot.
> I'm a guy who has passion in learning programming and networking.
> So these 2 terms you gave are definitely added to my todo list for digging into!
> Again thanks a lot m8. Cheers!

You should try "fail2ban",.. and also
there is this package for Debian as well :
https://packages.debian.org/jessie/xtables-addons-dkms
and
https://sysadminblog.net/2013/08/debian ... es-tarpit/