Subj : Unwanted connections to port 23.
To : Ignatious
From : Janis Kracht
Date : Tue Oct 24 2017 01:20 pm
Hi,
> I've since recently put my board back on port 23... and I now recall why I
> took it off of it. I keep getting all of these connections from hackers, I
> take it. Anyone know of a way to filter these bad connections?
> I've tried Janis' iptables suggestion, but it isn't working.
The first thing I do after a reboot (which happens rarely) is turn off iptables
since ubuntu starts if right off the bat everytime automatically:
iptables -F
iptables -X
The above two commands do that. Once I've turned it off, I restart it with my
own parameters in the two lines below:
For my web server which I run on port 8080:
1)sudo iptables -I INPUT -p tcp --dport 8080 -i eth0 -m state --state NEW -m
recent --set [all on one line]
2)sudo iptables -I INPUT -p tcp --dport 8080 -i eth0 -m state --state NEW -m
recent --update --seconds 60 --hitcount 2 -j DROP [all on one line]
I could use the same commands for my telnet server which runs on port 2030, so
to include the telnet port I would change "dport 8080" with dport 2030 in the
lines above. If you are using port 23, you would change dport to 23 above.
Finally, I issue the command:
sudo iptables -L
to check that I've got the iptables command that I want:
bbs@filegate:~$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP tcp -- anywhere anywhere tcp dpt:http-alt
state NEW recent: UPDATE seconds: 60 hit_count: 2 name: DEFAULT side: source
tcp -- anywhere anywhere tcp
dpt:http-alt state NEW recent: SET name: DEFAULT side: source
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
The above two commands keep jokers from killing my servers after two
connections in 60 seconds :)
Hope this helps,
Janis
--- BBBS/Li6 v4.10 Toy-3
* Origin: Prism bbs (1:261/38)