2017-05-16, pi

1 minute read

SSH

Sometimes you jsut need to ssh in to a specific port on a host, becuase well running ssh on a standard port is often a bad idea. ssh asdfasdf -p 80` (lowercase p)

scp

Again if ssh is then running on a different port you are going to need to use scp on a different port. A similar syntax is needed for that.

scp -P 80 … # Use port 80 to bypass the firewall, instead of the scp default (uppercase P)

#nmap nmap cheat sheet nmap-cheatsheet-a-quick-reference-guide

iptables!

flooding of RST packets, smurf attack Rejection

iptables -A INPUT -p tcp -m tcp –tcp-flags RST RST -m limit –limit 2/second –limit-burst 2 -j ACCEPT

Protecting portscans

Attacking IP will be locked for 24 hours (3600 x 24 = 86400 Seconds)

iptables -A INPUT -m recent –name portscan –rcheck –seconds 86400 -j DROP iptables -A FORWARD -m recent –name portscan –rcheck –seconds 86400 -j DROP

Remove attacking IP after 24 hours

iptables -A INPUT -m recent –name portscan –remove iptables -A FORWARD -m recent –name portscan –remove

These rules add scanners to the portscan list, and log the attempt.

iptables -A INPUT -p tcp -m tcp –dport 139 -m recent –name portscan –set -j LOG –log-prefix “portscan:” iptables -A INPUT -p tcp -m tcp –dport 139 -m recent –name portscan –set -j DROP

iptables -A FORWARD -p tcp -m tcp –dport 139 -m recent –name portscan –set -j LOG –log-prefix “portscan:” iptables -A FORWARD -p tcp -m tcp –dport 139 -m recent –name portscan –set -j DROP

http://sharadchhetri.com/2013/06/15/how-to-protect-from-port-scanning-and-smurf-attack-in-linux-server-by-iptables/

surfing as googlebot http://proggblo.blogspot.com/2013/09/how-to-surf-as-googlebot-in-chrome-easy.html

Updated: