Re: idea for improving security
My idea is to add some rules to iptables, e.g.:
iptables -A INPUT -p tcp --dport 1985 -j LOG --log-prefix "key port 1:"
iptables -A INPUT -p tcp --dport 1985 -j DROP
iptables -A INPUT -p tcp --dport 12731 -j LOG --log-prefix "key port 2:"
iptables -A INPUT -p tcp --dport 12731 -j DROP
iptables -A INPUT -p tcp --dport 200312 -j LOG --log-prefix "key port 3:"
iptables -A INPUT -p tcp --dport 200312 -j DROP
iptables -A INPUT -p tcp --dport 436093 -j LOG --log-prefix "key port 4:"
iptables -A INPUT -p tcp --dport 436093 -j DROP
iptables -A INPUT -p tcp --dport 1 -j LOG --log-prefix "key port 5:"
iptables -A INPUT -p tcp --dport 1 -j DROP
iptables -A INPUT -p tcp --dport 1123123 -j LOG --log-prefix "key port 6:"
iptables -A INPUT -p tcp --dport 1123123 -j DROP
So you get:
1. Ports are DROPped every time you try to access them (you can set the
drop rule to something else, e.g. reply with reset or something).
2. You have log entries like "key port 2: SRC=xxx.xxx.xxx.xxx" etc.,
so you just use bash/awk/grep/perl to find the sequence in order from
the IP and open/close the port as you wish.
If you need, I could write such scripts and send them to the group/to you.
Greetings,
Kuba BIGHard Jakubik
jid: bighard@pb6.wrzesnia.sdi.tpnet.pl
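
One way to do the log-matching step described in the post, as an added example that is not the poster's script: an awk filter that tracks, per source address, how far through the key-port sequence it has got, and ignores the repeated log entries a client produces when it retransmits a dropped SYN. It assumes log lines carry the `key port N:` prefix and an `SRC=` field; the function names, the sample log lines and the third port number (a TCP port must fit in 1-65535) are constructed.

```shell
#!/bin/sh
# Added example: print source IPs that hit key ports 1..N in order.
# Reads kernel log lines on stdin; $1 = number of key ports in the sequence.
knock_complete() {
    awk -v need="$1" '
    # Pull the knock index out of the LOG prefix "key port <n>:".
    match($0, /key port [0-9]+:/) {
        n = substr($0, RSTART + 9, RLENGTH - 10) + 0
        # Pull the source address out of the SRC= field.
        if (!match($0, /SRC=[^ ]+/)) next
        ip = substr($0, RSTART + 4, RLENGTH - 4)

        if (n == state[ip] + 1) {
            state[ip] = n        # next knock in order: advance
        } else if (n == state[ip]) {
            next                 # retransmitted SYN for the last knock: ignore
        } else if (n == 1) {
            state[ip] = 1        # out of order, but a fresh start of the sequence
        } else {
            state[ip] = 0        # wrong knock: start over
        }
        if (state[ip] == need) {
            print ip             # full sequence seen from this address
            state[ip] = 0
        }
    }'
}

# Constructed sample log (documentation addresses, three key ports).
sample_log() {
    cat <<'EOF'
Jan 12 10:00:01 gw kernel: key port 1:IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=1985
Jan 12 10:00:02 gw kernel: key port 1:IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=1985
Jan 12 10:00:03 gw kernel: key port 1:IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP DPT=1985
Jan 12 10:00:04 gw kernel: key port 2:IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=12731
Jan 12 10:00:05 gw kernel: key port 3:IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP DPT=40001
Jan 12 10:00:06 gw kernel: key port 3:IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=40001
Jan 12 10:00:07 gw kernel: key port 1:IN=eth0 SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP DPT=1985
Jan 12 10:00:08 gw kernel: key port 2:IN=eth0 SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP DPT=12731
Jan 12 10:00:09 gw kernel: key port 1:IN=eth0 SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP DPT=1985
Jan 12 10:00:10 gw kernel: key port 2:IN=eth0 SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP DPT=12731
Jan 12 10:00:11 gw kernel: key port 3:IN=eth0 SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP DPT=40001
EOF
}

sample_log | knock_complete 3
```

The addresses it prints are the ones a follow-up script would feed into the open/close rule; 198.51.100.7 is not printed because it skipped key port 2.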