How to protect a PC with ufw?

Postby hack3rcon » 2020-09-20 18:25

Hello,
I'm using Debian 10.5 x86_64 and I installed Gufw and enabled it. By default, "Incoming" is "Deny" and "Outgoing" is "Allow". I want to protect my PC from some popular attacks and I would be thankful if anyone here could advise me.
I found something like https://billing.xenmin.com/knowledgebase/13/UFW-Anti-DDOS-How-to-protect-against-DDoS-with-UFW.html?language=english, but to be honest I don't know whether it is enough or not.

Thank you.
hack3rcon
 
Posts: 447
Joined: 2015-02-16 09:54

Re: How to protect a PC with ufw?

Postby reinob » 2020-09-21 11:20

Do you have any services listening on open ports?
Check with
Code:
# netstat -ptln | grep -v " 127.0.0.1:" | grep -v " ::1:"


If nothing shows up, then you don't need a firewall.
If something shows up, then post here again.
reinob
 
Posts: 820
Joined: 2014-06-30 11:42
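
An added example, not part of reinob's post: the same check done in Python over captured `netstat -ptln` output, treating the whole loopback range (127.0.0.0/8 and ::1) as local rather than only the two literal addresses matched by the grep filters. The sample text is constructed (the sshd lines follow the thread, the cupsd and systemd-resolve lines are assumptions), and `exposed_listeners` is a hypothetical helper name.

```python
import ipaddress

# Constructed sample in `netstat -ptln` format. The sshd lines follow the
# thread; the cupsd and systemd-resolve lines are made up for illustration.
SAMPLE = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      981/sshd
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      702/cupsd
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      611/systemd-resolve
tcp6       0      0 :::22                   :::*                    LISTEN      981/sshd
tcp6       0      0 ::1:631                 :::*                    LISTEN      702/cupsd
"""


def exposed_listeners(netstat_output):
    """Return (proto, address, port, program) for TCP listeners not bound to loopback."""
    exposed = []
    for line in netstat_output.splitlines():
        fields = line.split()
        # Skip the two header lines and anything that is not a listening TCP socket.
        if len(fields) < 6 or not fields[0].startswith("tcp") or fields[5] != "LISTEN":
            continue
        # Split on the last colon: IPv6 addresses contain colons themselves.
        host, _, port = fields[3].rpartition(":")
        try:
            loopback = ipaddress.ip_address(host).is_loopback
        except ValueError:
            # Unparseable address (e.g. a scoped one): report it rather than hide it.
            loopback = False
        if loopback:
            continue
        program = fields[6] if len(fields) > 6 else "-"
        exposed.append((fields[0], host, int(port), program))
    return exposed


if __name__ == "__main__":
    for proto, host, port, program in exposed_listeners(SAMPLE):
        print(f"{proto:5} {host}:{port}  {program}")
```

An empty result corresponds to the "nothing shows up" case in the post; every tuple returned is a service reachable from other hosts unless a firewall rule blocks it.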

Re: How to protect a PC with ufw?

Postby hack3rcon » 2020-09-24 13:26

The output is:
Code:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name   
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      981/sshd           
tcp6       0      0 :::22                   :::*                    LISTEN      981/sshd           

A Linux system without any service is not vulnerable!? Some attacks like DDoS don't need any service, just an IP!
hack3rcon
 
Posts: 447
Joined: 2015-02-16 09:54

Re: How to protect a PC with ufw?

Postby Head_on_a_Stick » 2020-09-24 14:06

hack3rcon wrote: Some attacks like DDoS don't need any service, just an IP!

Please read the "what is a DDoS attack" section in the link you provided in the OP. Those attacks only affect a server and you're not running a server (at least according to your posted command output).
Black Lives Matter

Debian buster-backports ISO image: for new hardware support
Head_on_a_Stick
 
Posts: 12650
Joined: 2014-06-01 17:46
Location: /dev/chair

Re: How to protect a PC with ufw?

Postby reinob » 2020-09-25 06:37

hack3rcon wrote: A Linux system without any service is not vulnerable!? Some attacks like DDoS don't need any service, just an IP!


Read what @Head_on_a_Stick has written.

I might also add that in principle your computer can be "attacked" even if no ports are open, e.g. using vulnerabilities in the packet handling itself. These are however kernel vulnerabilities, which probably can be better addressed by the kernel developers than by some random forum guy using ufw.

Please also note that DoS != DDoS.
reinob
 
Posts: 820
Joined: 2014-06-30 11:42

Re: How to protect a PC with ufw?

Postby hack3rcon » 2020-09-26 07:31

Thus, a normal user like me can't do anything?
hack3rcon
 
Posts: 447
Joined: 2015-02-16 09:54

Re: How to protect a PC with ufw?

Postby Head_on_a_Stick » 2020-09-26 08:30

If you're not running a server then you don't need to do anything because you're not at risk from a DDoS attack.

At the moment you don't need a firewall at all and all it's doing with your current configuration is blocking your SSH daemon.
Head_on_a_Stick
 
Posts: 12650
Joined: 2014-06-01 17:46
Location: /dev/chair

Re: How to protect a PC with ufw?

Postby reinob » 2020-09-26 08:34

hack3rcon wrote:Thus, a normal user like me can't do anything?


Yes, you can for example try to decide when a particular situation should be considered a DDoS attack vs normal server usage.

Say you have a web server and suddenly you receive 1000 connections from different addresses. Is it an attack? Or is your web site just popular?

Once you've established the criteria for telling one from the other, you can implement the required filter.
reinob
 
Posts: 820
Joined: 2014-06-30 11:42

Re: How to protect a PC with ufw?

Postby hack3rcon » 2020-10-19 10:07

reinob wrote:
hack3rcon wrote:Thus, a normal user like me can't do anything?


Yes, you can for example try to decide when a particular situation should be considered a DDoS attack vs normal server usage.

Say you have a web server and suddenly you receive 1000 connections from different addresses. Is it an attack? Or is your web site just popular?

Once you've established the criteria for telling one from the other, you can implement the required filter.

Good questions. How can I detect good connections from bad connections?
hack3rcon
 
Posts: 447
Joined: 2015-02-16 09:54

Re: How to protect a PC with ufw?

Postby reinob » 2020-10-19 11:17

hack3rcon wrote:Good questions. How can I detect good connections from bad connections?


That's a rather subjective question.

In your specific case, since you only have a ssh server listening, you might just ignore the question.
A good connection will end up in a logged on user.
A bad connection will fail authentication.

If you use OpenSSH *and* either very (emphasis on VERY) good passwords or use public key authentication, then you can relax and watch how random computers try to get into yours.

If you want to stop them from trying after a few attempts, you can use fail2ban.

You can also run openssh on another random port, which is less likely to be targeted (but it will).

If you want to slow down potential attackers, you can use a "tarpit", so that they stick around for a while. Normally the connection breaks after one minute, but that's one attacker doing one attempt per minute vs 1000s, so it may actually slow them down.

Read: https://nullprogram.com/blog/2019/03/22/ if you want to learn something interesting.
reinob
 
Posts: 820
Joined: 2014-06-30 11:42
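
The good/bad distinction described in the post above, as an added example that is not part of the original thread: accepted logins are listed as good connections, and a source address is flagged once it fails authentication `maxretry` times within `findtime` seconds (parameter names borrowed from fail2ban; this is an illustration of the idea, not fail2ban's code). The log lines are constructed in OpenSSH's syslog format, and the year is an assumption because syslog timestamps omit it.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample lines in OpenSSH's syslog format (documentation address ranges).
SAMPLE_LOG = """\
Oct 19 11:00:01 pc sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40110 ssh2
Oct 19 11:00:04 pc sshd[2103]: Failed password for root from 203.0.113.7 port 40112 ssh2
Oct 19 11:00:09 pc sshd[2107]: Accepted publickey for alice from 198.51.100.4 port 51022 ssh2
Oct 19 11:00:12 pc sshd[2109]: Failed password for root from 203.0.113.7 port 40118 ssh2
Oct 19 11:03:30 pc sshd[2150]: Failed password for alice from 198.51.100.4 port 51040 ssh2
Oct 19 11:20:00 pc sshd[2200]: Failed password for root from 192.0.2.55 port 33000 ssh2
Oct 19 11:45:00 pc sshd[2260]: Failed password for root from 192.0.2.55 port 33050 ssh2
Oct 19 12:10:00 pc sshd[2301]: Failed password for root from 192.0.2.55 port 33090 ssh2
"""

EVENT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) \S+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)


def classify(log_text, maxretry=3, findtime=600, year=2020):
    """Return (good_logins, offenders): accepted (user, ip) pairs, and the IPs
    with at least `maxretry` failures inside any `findtime`-second window."""
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    good, offenders = [], set()
    for line in log_text.splitlines():
        m = EVENT.match(line)
        if not m:
            continue
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        if m["result"] == "Accepted":
            good.append((m["user"], m["ip"]))
            continue
        window = recent[m["ip"]]
        window.append(when)
        # Drop failures that have aged out of the sliding window.
        while (when - window[0]).total_seconds() > findtime:
            window.popleft()
        if len(window) >= maxretry:
            offenders.add(m["ip"])
    return good, sorted(offenders)


if __name__ == "__main__":
    print(classify(SAMPLE_LOG))
```

With the defaults, the slow source at 192.0.2.55 (one failure every 25 minutes) stays under the threshold, which is the trade-off any fixed window makes.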

