 |
 |
I'm Being Hacked - IPFW help?
|
|
|
|
|
Dedicated MacNNer
Join Date: May 2002
Location: Brooklyn, NY
Status:
Offline
|
|
Hi,
After looking at my ftp logs, and system logs, I've found out that many different people in Korea are trying to break into my ftp server. I do not know why. There's nothing but crap on there. Anyway, I was wondering if anyone here can help me set up IPFW or anything else to block the IPs of people who port scan, or try to log into ftp a billion times and fail, that sort of thing.
Thanks very much.
My little imac (running 10.2.8) will be very grateful.
gabe
|
|
|
| |
|
|
|
|
|
|
|
Mac Enthusiast
Join Date: May 2000
Location: Collie-fornya
Status:
Offline
|
|
|
|
|
Suicide Bombers: That never-say-die spirit. No, that's not right.
|
| |
|
|
|
|
|
|
|
Mac Elite
Join Date: Dec 2001
Location: Atlanta, GA, USA
Status:
Offline
|
|
Get this:
Brickhouse
It's a nice GUI for configuring your firewall.
|
|
Mac Pro 2x 2.66 GHz Dual core, Apple TV 160GB, two Windows XP PCs
|
| |
|
|
|
|
|
|
|
Dedicated MacNNer
Join Date: May 2002
Location: Brooklyn, NY
Status:
Offline
|
|
Cool,
brickhouse looks great. I've read the IPFW page, and I still have no idea how to do what i'd like.
I want to ban IPs depending on a # of failed logins. Can anybody help me with that?
Maybe someone could help me install snort? I took a look at that henwen program, but I don''t understand half the stuff it does.
thanks again,
gabe and the imac
|
|
|
| |
|
|
|
|
|
|
|
Dedicated MacNNer
Join Date: Jul 2002
Location: Boston, MA
Status:
Offline
|
|
Odd, I was thinking shell script at first but then I thought about how the logs are and how sed/awk would work at that point. And then there's sending RSTs to undesireable parties.
Snort, as you mentioned, should be able to handle what you are thinking with its flex-response module. Snort.org has a link to flex-response and I have found their documentation to be very good.
|
|
|
| |
|
|
|
|
|
|
|
Professional Poster
Join Date: Jun 2001
Location: Northwest Ohio
Status:
Offline
|
|
Originally posted by Zimwy:
Hi,
After looking at my ftp logs, and system logs, I've found out that many different people in Korea are trying to break into my ftp server. I do not know why.
Because it's there.
Get a router that does NAT, and set up your machine with a firewall application (BrickHouse is good).
Configure the router to allow configuration over the internet (and for God's sake change the default password to something nearly impossible to remember  ), and then set up the NAT table to normally forward the FTP port to a nonexistent computer.
You will be able to access your FTP server from within the network, assuming the firewall is configured properly. If you want to access your FTP server remotely, log in to your router and change the NAT table to point the FTP port to your computer. Do your stuff, then change the router to forward the port to a nonexistent computer when you're done.
This is what I use for remote administration of my computer using Timbuktu.
Why even use FTP? It's so insecure.
You could use SSH tunneling or SCP (Secure copy protocol) or other more secure file transfer services that I'm sure others here will know about.
|
|
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
 
|
|
|
Forum Rules
|
|
|
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is Off
|
|
|
|
|
|
|
|
|
|
|
|
|
Top
