How to protect a PC with ufw?
Hello,
I'm using Debian 10.5 x86_64 and I installed Gufw and enabled it. By default, "Incoming" is "Deny" and "Outgoing" is "Allow". I want to protect my PC from some popular attacks and I would be thankful if anyone here could advise me.
I found something like https://billing.xenmin.com/knowledgebas ... ge=english, but to be honest I don't know whether it is enough or not.
Thank you.
Re: How to protect a PC with ufw?
Do you have any services listening on open ports?
Check with:
Code:
# netstat -ptln | grep -v " 127.0.0.1:" | grep -v " ::1:"
If nothing shows up, then you don't need a firewall.
If something shows up, then post here again.
Re: How to protect a PC with ufw?
The output is:
Code:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 981/sshd
tcp6 0 0 :::22 :::* LISTEN 981/sshd
A Linux system without any service is not vulnerable!? Some attacks like DDoS don't need any service, just an IP!
- Head_on_a_Stick
- Posts: 14114
- Joined: 2014-06-01 17:46
- Location: London, England
- Has thanked: 81 times
- Been thanked: 133 times
Re: How to protect a PC with ufw?
hack3rcon wrote: Some attacks like DDoS don't need any service, just an IP!
Please read the "what is a DDoS attack" section in the link you provided in the OP. Those attacks only affect a server and you're not running a server (at least according to your posted command output).
deadbang
Re: How to protect a PC with ufw?
hack3rcon wrote: A Linux system without any service is not vulnerable!? Some attacks like DDoS don't need any service, just an IP!
Read what @Head_on_a_Stick has written.
I might also add that in principle your computer can be "attacked" even if no ports are open, e.g. using vulnerabilities in the packet handling itself. These are however kernel vulnerabilities, which probably can be better addressed by the kernel developers than by some random forum guy using ufw.
Please also note that DoS != DDoS.
- Head_on_a_Stick
Re: How to protect a PC with ufw?
If you're not running a server then you don't need to do anything because you're not at risk from a DDoS attack.
At the moment you don't need a firewall at all and all it's doing with your current configuration is blocking your SSH daemon.
deadbang
Re: How to protect a PC with ufw?
hack3rcon wrote: Thus, a normal user like me can't do anything?
Yes, you can for example try to decide when a particular situation should be considered a DDoS attack vs normal server usage.
Say you have a web server and suddenly you receive 1000 connections from different addresses. Is it an attack? or is your web site just popular?
Once you've established the criteria for telling one from the other, you can implement the required filter.
Re: How to protect a PC with ufw?
hack3rcon wrote: Thus, a normal user like me can't do anything?
reinob wrote: Yes, you can for example try to decide when a particular situation should be considered a DDoS attack vs normal server usage. Say you have a web server and suddenly you receive 1000 connections from different addresses. Is it an attack? or is your web site just popular? Once you've established the criteria for telling one from the other, you can implement the required filter.
Good questions. How can I detect good connections from bad connections?
Re: How to protect a PC with ufw?
hack3rcon wrote: Good questions. How can I detect good connections from bad connections?
That's a rather subjective question.
In your specific case, since you only have an SSH server listening, you might just ignore the question.
A good connection will end up in a logged-on user.
A bad connection will fail authentication.
If you use OpenSSH *and* either very (emphasis on VERY) good passwords or use public key authentication, then you can relax and watch how random computers try to get into yours.
If you want to stop them from trying after a few attempts, you can use fail2ban.
You can also run OpenSSH on another random port, which is less likely to be targeted (but it will).
If you want to slow down potential attackers, you can use a "tarpit", so that they stick around for a while. Normally the connection breaks after one minute, but that's one attacker doing one attempt per minute vs 1000s, so it may actually slow them down.
Read: https://nullprogram.com/blog/2019/03/22/ if you want to learn something interesting.
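An added example (not part of the original post, and not fail2ban's own code) of the good/bad split described above: it parses sshd authentication lines, treats an accepted login as good, and flags addresses with repeated failures inside a time window. The log lines are constructed, and the `maxretry`/`findtime` names are borrowed from fail2ban's options with assumed values.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the syslog format OpenSSH's sshd writes to auth.log.
# Addresses are RFC 5737 documentation ranges; host and user names are made up.
SAMPLE_LOG = """\
Sep  1 10:00:01 debian sshd[981]: Accepted publickey for alice from 198.51.100.7 port 40022 ssh2
Sep  1 10:00:05 debian sshd[1002]: Failed password for root from 203.0.113.5 port 51234 ssh2
Sep  1 10:00:09 debian sshd[1003]: Failed password for invalid user admin from 203.0.113.5 port 51240 ssh2
Sep  1 10:00:14 debian sshd[1004]: Failed password for invalid user test from 203.0.113.5 port 51251 ssh2
Sep  1 10:03:00 debian sshd[1010]: Failed password for alice from 198.51.100.7 port 40100 ssh2
Sep  1 10:30:00 debian sshd[1020]: Failed password for root from 192.0.2.44 port 33000 ssh2
Sep  1 10:50:00 debian sshd[1021]: Failed password for root from 192.0.2.44 port 33010 ssh2
Sep  1 11:10:00 debian sshd[1022]: Failed password for root from 192.0.2.44 port 33020 ssh2
"""

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) \S+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def classify(log_text, maxretry=3, findtime=timedelta(minutes=10), year=2020):
    """Return (accepted logins, IPs with >= maxretry failures within findtime)."""
    accepted, to_ban = [], set()
    recent = defaultdict(deque)  # ip -> timestamps of recent failures
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not an sshd authentication result line
        # Classic syslog timestamps carry no year, so one is assumed.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        if m["result"] == "Accepted":
            accepted.append((m["user"], m["ip"]))
            continue
        window = recent[m["ip"]]
        window.append(ts)
        while ts - window[0] > findtime:  # drop failures older than findtime
            window.popleft()
        if len(window) >= maxretry:
            to_ban.add(m["ip"])
    return accepted, to_ban

if __name__ == "__main__":
    ok, ban = classify(SAMPLE_LOG)
    print("good (authenticated):", ok)
    print("would be banned:", sorted(ban))
```

The slow attempts from 192.0.2.44 never put three failures inside one window, which is why a longer `findtime` or a key-only sshd configuration matters more than the ban itself.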