Archive

Archives pour la catégorie ‘Sécurité’

How To Configure Port Knocking Using Only IPTables on an Ubuntu VPS

11/05/2021 Aucun commentaire

Source: digitalocean.com

Introduction

Servers that are connected to the internet are subjected to all manners of attacks and probes by malicious users, scripts, and automated bots. It is sometimes a balancing act to secure your server from attacks without affecting legitimate access to your services and resources.

Certain types of services are meant to be visible and consumable to the public internet. An example of this is a web server. Other types of services are typically used by only the system administrator or a select number of individuals and are not meant to be a public resource.

A concept known as port knocking is a way of shielding processes that fit into the latter description. Port knocking works by covering the ports associated with a process behind a firewall until a specific, predetermined sequence of network activity occurs. At this point, the port knocking service reconfigures the firewall to allow access to the protected application.

In a previous article, we discussed how to enable port knocking through a specially designed port knocking service. In this article, we will discuss an alternative method of configuring port knocking.

This method does not rely on an external application to alter the firewall rules. Instead, the iptables firewall can take advantage of a state-tracking module called “recent” to do all of this within the firewall rules themselves.

We will be configuring this on an Ubuntu 12.04 droplet, but any kind of Linux server should operate in a similar manner.

Note: This tutorial covers IPv4 security. In Linux, IPv6 security is maintained separately from IPv4. For example, “iptables” only maintains firewall rules for IPv4 addresses but it has an IPv6 counterpart called “ip6tables”, which can be used to maintain firewall rules for IPv6 network addresses.

If your VPS is configured for IPv6, please remember to secure both your IPv4 and IPv6 network interfaces with the appropriate tools. For more information about IPv6 tools, refer to this guide: How To Configure Tools to Use IPv6 on a Linux VPS

Lire la suite…

25 Most Frequently Used Linux IPTables Rules Examples

11/05/2021 Aucun commentaire

Source: thegeekstuff.com

At a first glance, IPTables rules might look cryptic.

In this article, I’ve given 25 practical IPTables rules that you can copy/paste and use it for your needs.

These examples will act as a basic templates for you to tweak these rules to suite your specific requirement.

For easy reference, all these 25 iptables rules are in shell script format: iptables-rules
Lire la suite…

Categories: Réseau, Sécurité Tags: ,

Configurer IPTables pour Netfilter sous Debian Squeeze

10/05/2021 Aucun commentaire

Qu’est-ce que c’est?

IPTables regroupe les lignes de commandes nécessaires à la gestion de Netfilter. Oui mais que fait Netfilter ? Pour les anglophones, vous aurez remarquer que dans Netfilter, il y a Net et il y a Filter donc à priori ça va parler d’Internet et de filtrage. Et qui dit filtrage, veut dire Firewall.

Voilà le mot est laché ! Le couple Netfilter/IPTables permet de faire du filtrage de port grâce à des règles de pare-feu. Il sera alors possible de bloquer certains paquets IP et de laisser passer ceux qui nous intéressent. Par exemple par le port 80 (le port pour http), le trafic Internet sera possible et votre navigateur préféré vous emmènera sur les autoroutes du savoir offert par Internet. Lire la suite…

Arethusa le test

08/05/2021 Aucun commentaire

Un nouveau test VPN publié par le blog du VPN. Ici les VPN sont testés , configurés par créer une base de données la plus fiable possible. Arethusa à ses adeptes, il a déjà été l’ objet d’ une publication par alipaxe. Comme toujours on essayera d’ insister sur les particularités: méthode de configuration – protocole rare – tutos techniques.

Arethusa est proposé par S6N.org: une organisation internationale à but non lucratif fondée en 2003, pour promouvoir liberté d’expression sur Internet. La juridiction dont dépend ce VPN est celle des îles Seychelles: « Applicable jurisdiction for the handling of personal data is the Republic of Seychelles. Only Seychelles authorities can ask us to reveal your personal details. The only details we have about you are the ones you entered yourself. » Le whois de S6N.org confirme l’ enregistrement de nom de domaine de  l’ organisation à Victoria, capitale de cette République. Bien que le site soit en Anglais, le support technique et l’ interface sont en français. Lire la suite…

Watch iptables counters

04/05/2021 Aucun commentaire

How to check iptables traffic on the fly?

Here are a few commands that can help:

watch --interval 0 'iptables -nvL | grep -v "0 0"'

This will allow you to watch as matches occur in real-time. To filter out only ACCEPT, DROP, LOG..etc, then run the following command: watch ‘iptables -nvL | grep -v “0 0” && grep “ACCEPT”‘ The -v is used to do an inverted filter. ie. NOT “0 0”

watch 'iptables -vL'

Watch the number of packets/bytes coming through the firewall. Useful in setting up new iptables rules or chains. Use this output to reorder rules for efficiency.

while true; do iptables -nvL > /tmp/now; diff -U0 /tmp/prev /tmp/now > /tmp/diff; clear; cat /tmp/diff; mv /tmp/now /tmp/prev; sleep 1; done

this alternative shows the differences as they occur so that they are made plain

watch -d -n 2 iptables -nvL

This will highlight (with a box over it) any changes since the last refresh.