Archives pour la catégorie ‘Sécurité’

Block WordPress xmlprc.php DDOS attacks using Fail2Ban

17/04/2024 Aucun commentaire

Few days ago, my friend’s WordPress website went down. After investigation, I have figured out that it was receiving massive amount of posts requests to the xmlrpc.php file, which brings the apache and mysql to eat up all the system resources and the website crashed. Fortunately, I have figured out the way to mitigate this attack using Fail2Ban, which I’ll share in this post.

Install the Fail2Ban package using the following command:

apt-get install fail2ban iptables

1Make a local copy of jail.conf file for configuration change:

cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local


Lire la suite…

Linux Iptables Block Outgoing Access To Selected or Specific IP Address / Port

17/04/2024 Aucun commentaire

You would like to block outgoing access to particular remote host/ip or port for all or selected service/port. In this quick tutorial I will explain how to use iptables to block outgoing access.

Block Access To Outgoing IP Address

The following rule will block ip address from making any outgoing connection:

iptables -A OUTPUT -d -j DROP

The above will block chat server ip address or site having dangerous contains such as viruses or malware.

Block Access To Outgoing IP TCP / UDP Port Number

To block specific port number such tcp port # 5050, enter:
iptables -A OUTPUT -p tcp --dport 5050 -j DROP

To block tcp port # 5050 for an IP address only, enter:
iptables -A OUTPUT -p tcp -d --dport 5050 -j DROP

Finally, you need to save your firewall rules. Under CentOS / RHEL / Fedora Linux, enter:
# /sbin/service iptables save
# /etc/init.d/iptables save

Categories: Réseau, Sécurité Tags: ,

Postrouting and IP Masquerading in Linux

16/04/2024 Aucun commentaire

postrouting masqueradingIPTables is responsible to handle packet filtering in Linux system. IPTables contains several predefined and/or user-defined tables. Each table contains chains and chain contain packet rules. IPTables uses NAT table to forward packets to another node.


A Postrouting chain in NAT table means altering the IP packet after the routing is completed. Logically, a postrouting can be used to change the Source Address. As the routing is completed and destination has his own address, the only unknown address that can be masked is the Source. This is why postrouting is used for SNAT.


Now, when a packet leaves the local network and tries to travel the public network, it will fail to traverse if it keeps using the local details. This is where IP Masquerading plays the role. IP Masquerading is masking the packet with identity of the external interface.


When a packet arrives to the local gateway that has external interface, masks the packet with IP Masquerading and send it through the public interface. That says, packet has to be routed first before mangling it for Masquerading. That is why, you need to apply the Masquerading target on the Postrouting chain of the NAT table.

How to setup Masquerading in Linux Firewall?

The following command will enable IP Masquerading in Linux Firewall:

$ iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

The above rule will use NAT table (-t nat) on built-in Postrouting Chain (-A POSTROUTING) on interface eth0 (-o eth0).

The target Masquerade (-j MASQUERADE) advises to mask the above matched IP packets from the related table to external interface of the system.

Thus the above, would allow the local networks to gain access to external network through IP Masquerading.


Source: Mellowhost

Linux: 20 Iptables Examples For New SysAdmins

02/04/2024 Comments off


Iptables Examples For New SysAdmins

Linux comes with a host based firewall called Netfilter. According to the official project site:

netfilter is a set of hooks inside the Linux kernel that allows kernel modules to register callback functions with the network stack. A registered callback function is then called back for every packet that traverses the respective hook within the network stack.

This Linux based firewall is controlled by the program called iptables to handles filtering for IPv4, and ip6tables handles filtering for IPv6. I strongly recommend that you first read our quick tutorial that explains how to configure a host-based firewall called Netfilter (iptables) under CentOS / RHEL / Fedora / Redhat Enterprise Linux. This post list most common iptables solutions required by a new Linux user to secure his or her Linux operating system from intruders.



IPTABLES Rules Example

  • Most of the actions listed in this post are written with the assumption that they will be executed by the root user running the bash or any other modern shell. Do not type commands on remote system as it will disconnect your access.
  • For demonstration purpose I’ve used RHEL 6.x, but the following command should work with any modern Linux distro.
  • This is NOT a tutorial on how to set iptables. See tutorial here. It is a quick cheat sheet to common iptables commands.

Lire la suite…

Testing firewall rules with Hping3 – examples

29/03/2024 Comments off

1. Testing ICMP:

In this example hping3 will behave like a normal ping utility, sending ICMP-echo und receiving ICMP-reply

hping3 -1

2. Traceroute using ICMP:

This example is similar to famous utilities like tracert (Windows) or traceroute (Linux) who uses ICMP packets increasing every time in 1 its TTL value.

hping3 --traceroute -V -1

3. Checking port:

Here hping3 will send a SYN packet to a specified port (80 in our example). We can control also from which local port will start the scan (5050).

hping3 -V -S -p 80 -s 5050

Lire la suite…

Categories: Réseau, Sécurité Tags: , , ,