
Re: idea for improving security



My idea is to add some rules to iptables, e.g.:

# The LOG target's option is --log-prefix (there is no --prefix option).
# Note also that TCP ports are limited to 1-65535; iptables rejects larger values.
iptables -A INPUT -p tcp --dport 1985 -j LOG --log-prefix "key port 1:"
iptables -A INPUT -p tcp --dport 1985 -j DROP

iptables -A INPUT -p tcp --dport 12731 -j LOG --log-prefix "key port 2:"
iptables -A INPUT -p tcp --dport 12731 -j DROP

iptables -A INPUT -p tcp --dport 200312 -j LOG --log-prefix "key port 3:"
iptables -A INPUT -p tcp --dport 200312 -j DROP

iptables -A INPUT -p tcp --dport 436093 -j LOG --log-prefix "key port 4:"
iptables -A INPUT -p tcp --dport 436093 -j DROP

iptables -A INPUT -p tcp --dport 1 -j LOG --log-prefix "key port 5:"
iptables -A INPUT -p tcp --dport 1 -j DROP

iptables -A INPUT -p tcp --dport 1123123 -j LOG --log-prefix "key port 6:"
iptables -A INPUT -p tcp --dport 1123123 -j DROP

so you get:

1. The ports are DROPPED every time you try to access them (you can set the
drop rule to something else, e.g. reply with a reset or something similar).
2. You get log entries like "key port 2: SRC=xxx.xxx.xxx.xxx" etc.,
so you just use bash/awk/grep/perl to find the sequence, in order, from
the IP and open/close the port as you wish.

if you need i could write such scripts and send it to the group/to you

Greetings,

Kuba BIGHard Jakubik
jid: bighard@pb6.wrzesnia.sdi.tpnet.pl
