Linux en Espanol
 
Preventing attacks on the server (topic #18185)
mauricio21
Forum member
Registered: 2007-03-27
Posts: 2

Posted: 2007-03-27 03:53:37    Subject: preventing attacks on the server

Hello to all users:

I have a Linux Fedora Core 2 server; it is a public server that provides HTTP, FTP, POP3 and SMTP services.

Lately we have been receiving attacks on several ports, which slow the connection down and cause some services to hang.

What would you say is the best way to prevent these attacks? I don't know how to prevent this.

Well, that's it.

Regards, hope everyone is well

Mauricio
cyrano
Forum member

Registered: 2006-12-28
Posts: 178

Posted: 2007-03-27 11:07:50    Subject:

iptables rules
mike114x
Forum member
Registered: 2004-01-23
Posts: 561

Posted: 2007-03-27 14:50:51    Subject:

fail2ban. It is easy to install. I don't have much info at hand, but it isn't complicated: when it receives several failed connection attempts to some port or application, it creates an iptables rule that blocks connections from that IP. I used it for SSH and it worked well on Fedora 3; look for it via apt or yum.

Or, if it is always the same IP bothering you, then create a fixed rule in iptables and that's it.

Regards
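
The mechanism described in the post above (several failed attempts from one address lead to an iptables block), as an added example that is neither fail2ban's own code nor part of the original thread: it scans sshd log lines and prints, without applying it, a blocking rule for each address that reaches `maxretry` failures inside `findtime` seconds. The function names and the sample log are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not fail2ban's code: find addresses with repeated failed
# SSH logins and print the iptables rule that would block each one.

# Constructed sshd log lines in the usual syslog layout.
sample_auth_log() {
cat <<'EOF'
Mar 27 14:50:01 host sshd[2101]: Failed password for root from 192.0.2.50 port 40001 ssh2
Mar 27 14:50:04 host sshd[2102]: Failed password for invalid user admin from 192.0.2.50 port 40002 ssh2
Mar 27 14:50:09 host sshd[2103]: Failed password for root from 192.0.2.50 port 40003 ssh2
Mar 27 14:51:30 host sshd[2110]: Failed password for alice from 198.51.100.7 port 51000 ssh2
Mar 27 14:52:00 host sshd[2111]: Accepted password for alice from 198.51.100.7 port 51001 ssh2
Mar 27 15:40:00 host sshd[2200]: Failed password for root from 203.0.113.9 port 42000 ssh2
Mar 27 16:40:00 host sshd[2201]: Failed password for root from 203.0.113.9 port 42001 ssh2
Mar 27 17:40:00 host sshd[2202]: Failed password for root from 203.0.113.9 port 42002 ssh2
EOF
}

# ban_candidates MAXRETRY FINDTIME: print each address that reaches MAXRETRY
# failures within FINDTIME seconds. Assumes the log stays within one month,
# since syslog timestamps carry no year and only day and time are used here.
ban_candidates() {
    awk -v maxretry="$1" -v findtime="$2" '
        /sshd\[[0-9]+\]: Failed password for / {
            split($3, t, ":")
            now = $2 * 86400 + t[1] * 3600 + t[2] * 60 + t[3]
            # The user name is attacker-supplied text, so take the LAST
            # "from": that one is written by sshd itself.
            ip = ""
            for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)
            if (ip == "" || ip in banned) next
            n = ++seen[ip]
            when[ip, n] = now
            hits = 0
            for (k = n; k >= 1 && now - when[ip, k] <= findtime; k--) hits++
            if (hits >= maxretry) { banned[ip] = 1; print ip }
        }
    '
}

# ban_rules MAXRETRY FINDTIME: dry run, prints the rules instead of applying.
ban_rules() {
    ban_candidates "$1" "$2" | while read -r ip; do
        printf 'iptables -I INPUT -s %s -j DROP\n' "$ip"
    done
}

sample_auth_log | ban_rules 3 600
```

The third sample address fails three times but an hour apart, so it stays under the threshold with a 600-second window; that window is what separates a burst of guesses from occasional typos.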
chema
Forum member

Registered: 2006-04-05
Posts: 296

Posted: 2007-03-27 19:12:26    Subject:

What kind of attacks? Be a bit more specific.
Osorio
Forum member
Registered: 2005-12-11
Posts: 16

Posted: 2007-03-27 19:23:59    Subject:

Configure your firewall.
mauricio21
Forum member
Registered: 2007-03-27
Posts: 2

Posted: 2007-03-27 19:55:26    Subject:

I ran netstat -a and this is what I got:

tcp 0 13032 ns.interactivehp.c:http 200.75.14.2:43880 CLOSE_WAIT
tcp 0 13032 ns.interactivehp.c:http 200.75.14.2:45930 CLOSE_WAIT
tcp 0 12727 ns.interactivehp.c:http 200.72.177.209:60401 FIN_WAIT1
tcp 812 0 ns.interactivehp.c:http 200.75.14.2:47457 CLOSE_WAIT
tcp 0 515 ns.interactivehp.c:http 200.75.14.2:41828 FIN_WAIT1
tcp 282 0 pochoco.cl:http lj612251.inktomis:51526 CLOSE_WAIT
tcp 0 13068 ns.interactivehp.c:http 68-38-112.adsl.te:62003 CLOSE_WAIT
tcp 763 0 ns.interactivehp.c:http 200.75.14.2:48231 CLOSE_WAIT
tcp 574 0 ns.interactivehp.c:http 200-126-80-136.bk6:1639 CLOSE_WAIT
tcp 0 11680 ns.interactivehp.c:http Fact-Apoyo.copec.c:3165 ESTABLISHED
tcp 761 0 ns.interactivehp.c:http 200.75.14.2:47740 CLOSE_WAIT
tcp 0 0 ns.interactivehp.c:smtp 209-9-193-67.sdsl:61619 ESTABLISHED
tcp 0 13140 ns.interactivehp.c:pop3 pc-197-115-239-201:3216 ESTABLISHED
tcp 574 0 ns.interactivehp.c:http 200-126-80-136.bk6:1640 CLOSE_WAIT
tcp 926 0 ns.interactivehp.c:http 200.75.14.2:45943 ESTABLISHED
tcp 625 0 ns.interactivehp.c:http 200.75.14.2:48456 ESTABLISHED
tcp 0 32 ns.interactivehp.c:smtp localhost:62228 LAST_ACK
tcp 0 31 ns.interactivehp.c:smtp 219-90-189-71.ip.a:2221 ESTABLISHED
tcp 692 0 ns.interactivehp.c:http pc-62-160-104-200:62461 ESTABLISHED
tcp 926 0 ns.interactivehp.c:http 200.75.14.2:56640 CLOSE_WAIT
tcp 0 0 pochoco.cl:smtp 65-245-231-201.fib:1119 ESTABLISHED
tcp 571 0 ns.interactivehp.c:http 44-48-50.adsl.terr:4651 CLOSE_WAIT
tcp 625 0 ns.interactivehp.c:http 200.75.14.2:48454 ESTABLISHED
tcp 687 0 ns.interactivehp.c:http 200-126-83-39.bk6:57105 ESTABLISHED
tcp 831 0 ns.interactivehp.c:http 200.75.14.2:46684 CLOSE_WAIT
tcp 0 13032 ns.interactivehp.c:http 200.75.14.2:43871 CLOSE_WAIT
tcp 0 1796 ns.interactivehp.cl:ssh 42-189-21.adsl.cu:63381 ESTABLISHED
tcp 702 0 ns.interactivehp.c:http 200.75.14.2:42577 ESTABLISHED
tcp 760 0 ns.interactivehp.c:http 200.75.14.2:47185 CLOSE_WAIT
tcp 0 13032 ns.interactivehp.c:http 200.75.14.2:43858 CLOSE_WAIT
tcp 743 0 ns.interactivehp.c:http 200.75.14.2:42579 ESTABLISHED
tcp 760 0 ns.interactivehp.c:http 200.75.14.2:47701 CLOSE_WAIT
tcp 729 0 ns.interactivehp.c:http 200.75.14.2:48727 CLOSE_WAIT
tcp 0 13032 ns.interactivehp.c:http 200.75.14.2:37160 ESTABLISHED
tcp 439 0 ns.interactivehp.c:http 200-126-66-4.bk5-d:kpop CLOSE_WAIT
tcp 0 13140 ns.interactivehp.c:http cable201-233-53-17:1263 ESTABLISHED
tcp 787 0 ns.interactivehp.c:http 200.75.14.2:48442 ESTABLISHED
tcp 0 13032 ns.interactivehp.c:http 200.75.14.2:44859 CLOSE_WAIT
tcp 798 0 ns.interactivehp.c:http 200.75.14.2:38462 ESTABLISHED
tcp 0 681 ns.interactivehp.c:http 200.75.14.2:44606 LAST_ACK
tcp 0 1 ns.interactivehp.:36032 209-9-193-67.sdsl.:auth SYN_SENT
tcp 0 13032 ns.interactivehp.c:http 200.75.14.2:44340 CLOSE_WAIT
tcp 224 0 ns.interactivehp.c:http bzq-84-108-25-13.c:4919 CLOSE_WAIT
tcp 110 0 ns.interactivehp.c:http 200.14.80.40:46395 CLOSE_WAIT
tcp 90 0 ns.interactivehp.c:http 200.14.80.40:46396 CLOSE_WAIT
tcp 0 13032 ns.interactivehp.c:http 200.75.14.2:44301 CLOSE_WAIT
tcp 419 0 ns.interactivehp.c:http 219-235-223-201.a:64599 ESTABLISHED
tcp 0 1918 ns.interactivehp.c:http 200.75.14.2:45056 LAST_ACK
tcp 0 1918 ns.interactivehp.c:http 200.75.14.2:45056 LAST_ACK
tcp 72 0 pochoco.cl:http pochoco.cl:35439 CLOSE_WAIT
tcp 589 0 ns.interactivehp.c:http 161-47-89.adsl.te:63093 ESTABLISHED
tcp 72 0 pochoco.cl:http pochoco.cl:35445 CLOSE_WAIT
tcp 0 13033 ns.interactivehp.c:http 200.75.14.2:43284 LAST_ACK
tcp 0 0 ns.interactivehp.c:smtp 200.27.93.67:1876 ESTABLISHED
tcp 0 0 ns.interactivehp.c:smtp 200.27.93.67:1876 ESTABLISHED
tcp 760 0 ns.interactivehp.c:http 200.75.14.2:47848 CLOSE_WAIT
tcp 481 0 ns.interactivehp.c:http pc-87-11-83-200.c:61345 ESTABLISHED
tcp 0 32 ns.interactivehp.c:smtp 211.90.112.46:29103 LAST_ACK
tcp 0 0 ns.interactivehp.c:1040 200.14.80.40:46555 TIME_WAIT
tcp 0 0 ns.interactivehp.c:http 200.75.14.2:34287 ESTABLISHED
tcp 0 0 ns.interactivehp.cl:ssh 42-189-21.adsl.cu:63530 ESTABLISHED
tcp 527 0 ns.interactivehp.c:http 161-47-89.adsl.te:63118 ESTABLISHED
tcp 0 13033 ns.interactivehp.c:http 200.75.14.2:43769 LAST_ACK
tcp 0 3283 ns.interactivehp.c:http 200.75.14.2:45049 LAST_ACK
tcp 0 3613 ns.interactivehp.c:http 200.75.14.2:45050 LAST_ACK
tcp 0 3613 ns.interactivehp.c:http 200.75.14.2:45051 LAST_ACK
tcp 0 3613 ns.interactivehp.c:http 200.75.14.2:45052 LAST_ACK
tcp 0 1 ns.interactivehp.:36067 192.118.82.244:smtp SYN_SENT
tcp 0 1908 ns.interactivehp.c:http 200.75.14.2:45054 LAST_ACK
tcp 0 13032 ns.interactivehp.c:http 200.75.14.2:43774 CLOSE_WAIT
tcp 0 0 ns.interactivehp.c:smtp 58.181.179.235:4779 ESTABLISHED
tcp 0 0 ns.interactivehp.c:http 236-12-240.adsl.cu:3415 ESTABLISHED
tcp 0 1856 ns.interactivehp.c:http 200.75.14.2:45055 LAST_ACK
tcp 0 13032 ns.interactivehp.c:http 200.75.14.2:43775 CLOSE_WAIT
tcp 462 0 ns.interactivehp.c:http pc-100-228-120-20:59983 CLOSE_WAIT
tcp 0 13033 ns.interactivehp.c:http 200.75.14.2:43762 LAST_ACK
tcp 0 13033 ns.interactivehp.c:http 200.75.14.2:43763 LAST_ACK
tcp 744 0 ns.interactivehp.c:http 200.75.14.2:53450 CLOSE_WAIT
tcp 735 0 ns.interactivehp.c:http pc-246-168-214-201:1267 CLOSE_WAIT
tcp 0 0 cascada-expedicion:smtp mail84.megamailse:40195 ESTABLISHED
tcp 462 0 ns.interactivehp.c:http pc-100-228-120-20:61819 CLOSE_WAIT
tcp 760 0 ns.interactivehp.c:http 200.75.14.2:48580 CLOSE_WAIT
tcp 462 0 ns.interactivehp.c:http pc-100-228-120-20:61819 CLOSE_WAIT
tcp 760 0 ns.interactivehp.c:http 200.75.14.2:48580 CLOSE_WAIT
tcp 759 0 ns.interactivehp.c:http 200.75.14.2:47813 CLOSE_WAIT
tcp 814 0 ns.interactivehp.c:http 200.75.14.2:56793 CLOSE_WAIT
tcp 1 0 ns.interactivehp.c:http ool-43558105.dyn.o:3915 CLOSE_WAIT
tcp 0 0 ns.interactivehp.:36031 ns.interactivehp:domain TIME_WAIT
tcp 0 0 ns.interactivehp.:36030 ns.interactivehp:domain TIME_WAIT
tcp 0 0 ns.interactivehp.:36065 ns.interactivehp:domain TIME_WAIT
tcp 0 0 ns.interactivehp.:36064 ns.interactivehp:domain TIME_WAIT
tcp 0 0 ns.interactivehp.:36069 ns.interactivehp:domain TIME_WAIT
tcp 0 0 ns.interactivehp.:36070 ns.interactivehp:domain TIME_WAIT
tcp 0 0 ns.interactivehp.:36057 ns.interactivehp:domain TIME_WAIT
tcp 0 0 ns.interactivehp.:36058 ns.interactivehp:domain TIME_WAIT
tcp 0 0 ns.interactivehp.:36061 ns.interactivehp:domain TIME_WAIT
tcp 0 0 ns.interactivehp.:36062 ns.interactivehp:domain TIME_WAIT
tcp 0 0 ns.interactivehp.:36049 ns.interactivehp:domain TIME_WAIT
tcp 0 0 ns.interactivehp.:36048 ns.interactivehp:domain TIME_WAIT
tcp 0 0 ns.interactivehp.:36053 ns.interactivehp:domain TIME_WAIT
tcp 0 0 ns.interactivehp.:36052 ns.interactivehp:domain TIME_WAIT
tcp 0 0 ns.interactivehp.:36041 ns.interactivehp:domain TIME_WAIT
tcp 0 0 ns.interactivehp.:36042 ns.interactivehp:domain TIME_WAIT
tcp 0 0 ns.interactivehp.:36045 ns.interactivehp:domain TIME_WAIT
tcp 0 0 ns.interactivehp.:36044 ns.interactivehp:domain TIME_WAIT
tcp 0 0 ns.interactivehp.:36035 ns.interactivehp:domain TIME_WAIT
tcp 0 0 ns.interactivehp.:36034 ns.interactivehp:domain TIME_WAIT
tcp 0 0 ns.interactivehp.:36037 ns.interactivehp:domain TIME_WAIT
tcp 0 0 ns.interactivehp.:36039 ns.interactivehp:domain TIME_WAIT
tcp 0 0 ns.interactivehp.:36038 ns.interactivehp:domain TIME_WAIT
tcp 0 31 ns.interactivehp.c:smtp 222.130.105.133:4357 ESTABLISHED
tcp 571 0 ns.interactivehp.c:http 200.75.14.2:59861 ESTABLISHED
tcp 232 0 ns.interactivehp.c:http crawl-66-249-66-1:59992 ESTABLISHED
tcp 623 0 ns.interactivehp.c:http 200.75.14.2:37589 ESTABLISHED
tcp 571 0 ns.interactivehp.c:http 200.75.14.2:59863 ESTABLISHED
tcp 0 1 ns.interactivehp.:36040 58.181.179.235:auth SYN_SENT
tcp 462 0 ns.interactivehp.c:http 200.75.14.2:59304 CLOSE_WAIT
tcp 390 0 ns.interactivehp.c:http pc-3-25-83-200.cm.:2214 ESTABLISHED
tcp 829 0 ns.interactivehp.c:http 200.75.14.2:58282 ESTABLISHED
tcp 810 0 ns.interactivehp.c:http 200.75.14.2:56236 CLOSE_WAIT
tcp 830 0 ns.interactivehp.c:http 200.75.14.2:52640 CLOSE_WAIT
tcp 0 41 ns.interactivehp.c:smtp 124.240.124.222:37967 LAST_ACK
tcp 0 13032 ns.interactivehp.c:http 200.75.14.2:43941 CLOSE_WAIT
tcp 571 0 ns.interactivehp.c:http 200.75.14.2:42407 ESTABLISHED
tcp 219 0 ns.interactivehp.c:http 200.143.19.21:38262 ESTABLISHED
tcp 829 0 ns.interactivehp.c:http 200.75.14.2:55737 ESTABLISHED
tcp 0 0 cascada-expedicion:http c-24-127-75-227.hs:4830 ESTABLISHED
tcp 571 0 ns.interactivehp.c:http 44-48-50.adsl.terr:4567 CLOSE_WAIT
tcp 0 13068 ns.interactivehp.c:http 68-38-112.adsl.te:62693 CLOSE_WAIT
tcp 760 0 ns.interactivehp.c:http 200.75.14.2:47799 CLOSE_WAIT
tcp 0 13032 ns.interactivehp.c:http 200.75.14.2:43915 CLOSE_WAIT
tcp 809 0 ns.interactivehp.c:http 200.75.14.2:48257 CLOSE_WAIT
tcp 814 0 ns.interactivehp.c:http 200.75.14.2:48002 ESTABLISHED
tcp 301 0 pochoco.cl:http livebot-65-55-210-:5651 CLOSE_WAIT
tcp 0 13068 ns.interactivehp.c:http 68-38-112.adsl.te:63697 CLOSE_WAIT
tcp 657 0 ns.interactivehp.c:http 137-129-222-201.ad:1514 ESTABLISHED
tcp 0 13032 ns.interactivehp.c:http 200.75.14.2:44165 CLOSE_WAIT
tcp 885 0 ns.interactivehp.c:http 200.75.14.2:54150 CLOSE_WAIT
tcp 203 0 ns.interactivehp.c:http 200.143.19.21:37961 CLOSE_WAIT
tcp 0 0 ns.interactivehp.c:http 241-221-223-201.ad:2508 ESTABLISHED
tcp 682 0 ns.interactivehp.c:http 200.75.14.2:49799 CLOSE_WAIT
tcp 0 13032 ns.interactivehp.c:http 200.75.14.2:43932 CLOSE_WAIT
tcp 0 0 ns.interactivehp.c:http 200.75.14.2:47516 TIME_WAIT
tcp 0 0 ns.interactivehp.c:http 200.75.14.2:47517 TIME_WAIT
tcp 0 3148 ns.interactivehp.c:http 200.75.14.2:47518 LAST_ACK
tcp 934 0 ns.interactivehp.c:http 200.75.14.2:56990 CLOSE_WAIT
tcp 194 0 ns.interactivehp.c:http lj612382.inktomis:54827 CLOSE_WAIT
tcp 0 12516 ns.interactivehp.c:http 200.75.14.2:44432 LAST_ACK
tcp 0 13032 ns.interactivehp.c:http 200.75.14.2:47506 CLOSE_WAIT
tcp 163 0 ns.interactivehp.c:http bzq-84-108-25-13.c:1195 CLOSE_WAIT
tcp 163 0 ns.interactivehp.c:http bzq-84-108-25-13.c:1195 CLOSE_WAIT
tcp 0 0 pochoco.cl:smtp ns.gsn000.com:47064 ESTABLISHED
tcp 232 0 aflora.cl:http 201.215.229.134:3438 ESTABLISHED
tcp 0 0 ns.interactivehp.c:smtp 190-82-182-179.ad:55949 ESTABLISHED
tcp 301 0 pochoco.cl:http livebot-65-55-210:49402 CLOSE_WAIT
tcp 0 0 ns.interactivehp.c:smtp 190-82-182-253.ad:53979 TIME_WAIT
tcp 0 681 ns.interactivehp.c:http 190-82-231-92.adsl:1493 FIN_WAIT1
tcp 0 681 ns.interactivehp.c:http 190-82-231-92.adsl:1493 FIN_WAIT1
tcp 0 1 ns.interactivehp.:36066 89.0.209.16.dynami:auth SYN_SENT
tcp 424 0 ns.interactivehp.c:http 164.77.163.10:3025 ESTABLISHED
tcp 409 0 ns.interactivehp.c:http 200.7.26.31:21299 ESTABLISHED
tcp 430 0 ns.interactivehp.c:http 201.236.130.213:32843 CLOSE_WAIT
tcp 0 0 ns.interactivehp.c:smtp c-68-45-173-240.hs:3210 ESTABLISHED
tcp 592 0 ns.interactivehp.c:http 54-239-222-201.ad:59673 CLOSE_WAIT
tcp 517 0 ns.interactivehp.c:http 201.236.130.213:32856 ESTABLISHED
tcp 0 0 cascada-expedicion:smtp pbsg2.pbs.dk:11347 ESTABLISHED
tcp 535 0 ns.interactivehp.c:http 201.236.130.213:32855 CLOSE_WAIT
tcp 1 0 ns.interactivehp.c:smtp 89.0.209.16.dynam:12752 CLOSE_WAIT
tcp 613 0 ns.interactivehp.c:http pc-112-207-104-200:2232 CLOSE_WAIT
tcp 468 0 ns.interactivehp.c:http pc-141-68-104-200.:2358 CLOSE_WAIT
tcp 468 0 ns.interactivehp.c:http pc-141-68-104-200.:2358 CLOSE_WAIT
tcp 359 0 ns.interactivehp.c:http pc-87-84-86-200.c:63027 ESTABLISHED
tcp 0 4557 ns.interactivehp.c:http 19-188-222-201.ads:2825 FIN_WAIT1
tcp 104 0 patagonia.travel:http urlc2.mail.mud.ya:27798 CLOSE_WAIT
tcp 0 13140 ns.interactivehp.c:http pc-108-35-104-200:60541 CLOSE_WAIT
tcp 1 26 ns.interactivehp.c:smtp 121.34.228.247:1689 CLOSING
tcp 262 0 ns.interactivehp.c:http lj611257.inktomis:50978 CLOSE_WAIT
tcp 104 0 patagonia.travel:http urlc2.mail.mud.ya:27798 CLOSE_WAIT
tcp 0 13140 ns.interactivehp.c:http pc-108-35-104-200:60541 CLOSE_WAIT
tcp 1 26 ns.interactivehp.c:smtp 121.34.228.247:1689 CLOSING
tcp 262 0 ns.interactivehp.c:http lj611257.inktomis:50978 CLOSE_WAIT
tcp 0 0 ns.interactivehp.:35418 64-71-166-217.outb:smtp ESTABLISHED
tcp 0 0 ns.interactivehp.:36077 autoinstall.plesk.:http TIME_WAIT
tcp 561 0 ns.interactivehp.c:http 121-56-246-201.ads:1821 CLOSE_WAIT
tcp 359 0 ns.interactivehp.c:http pc-87-84-86-200.c:63027 ESTABLISHED
tcp 0 4557 ns.interactivehp.c:http 19-188-222-201.ads:2825 FIN_WAIT1
tcp 0 0 ns.interactivehp.c:smtp 207-255-79-120-dh:11139 ESTABLISHED
tcp 0 0 ns.interactivehp.c:http pc-78-75-104-200.:61998 ESTABLISHED
tcp 104 0 patagonia.travel:http urlc2.mail.mud.ya:27798 CLOSE_WAIT
tcp 0 13140 ns.interactivehp.c:http pc-108-35-104-200:60541 CLOSE_WAIT
tcp 1 26 ns.interactivehp.c:smtp 121.34.228.247:1689 CLOSING
tcp 262 0 ns.interactivehp.c:http lj611257.inktomis:50978 CLOSE_WAIT
tcp 0 0 ns.interactivehp.:35418 64-71-166-217.outb:smtp ESTABLISHED
tcp 0 0 ns.interactivehp.:36077 autoinstall.plesk.:http TIME_WAIT
tcp 561 0 ns.interactivehp.c:http 121-56-246-201.ads:1821 CLOSE_WAIT
tcp 561 0 ns.interactivehp.c:http 121-56-246-201.ads:1800 CLOSE_WAIT
tcp 301 0 pochoco.cl:http livebot-65-55-210:48744 CLOSE_WAIT
tcp 0 21 ns.interactivehp.c:smtp bzq-88-154-110-101:1554 LAST_ACK
tcp 0 0 ns.interactivehp.c:http 121-56-246-201.ads:1835 ESTABLISHED
tcp 320 0 ns.interactivehp.c:http 113-182-246-201.ad:2987 ESTABLISHED
tcp 718 0 ns.interactivehp.c:http pc-108-35-104-200:61119 CLOSE_WAIT
tcp 196 0 ns.interactivehp.c:http lj612391.inktomis:47962 CLOSE_WAIT
tcp 0 0 ns.interactivehp.c:smtp 18913019036.user.:64213 ESTABLISHED
tcp 0 119 cascada-expedicion:smtp bzq-88-153-172-87:63104 LAST_ACK
tcp 0 0 cascada-expedicion:smtp mail.milnet.com.ar:4848 ESTABLISHED
tcp 0 0 cascada-expedicion:smtp mail.milnet.com.ar:4848 ESTABLISHED
tcp 0 0 ns.interactivehp.c:http pc-233-68-239-201.:2901 ESTABLISHED
tcp 0 2335 pochoco.cl:http 164.77.239.18:49487 FIN_WAIT1
tcp 513 0 ns.interactivehp.c:http pc-58-127-44-190.c:2714 ESTABLISHED
tcp 718 0 ns.interactivehp.c:http pc-108-35-104-200:60886 CLOSE_WAIT
tcp 517 0 ns.interactivehp.c:http pc-58-127-44-190.c:2713 ESTABLISHED
udp 0 0 *:32768 *:*
udp 0 0 localhost.localdo:32769 localhost.localdo:32769 ESTABLISHED
udp 0 0 ns.interactivehp.:34228 ns.interactivehp:domain ESTABLISHED



Note that one IP is repeated too much. I don't have much experience, but I think this is the culprit.

Is this useful??
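
One way to check the impression that a single address dominates the listing, as an added example that is not part of the original post: it tallies connections per remote host and per TCP state. The sample lines are constructed with documentation addresses and the function names are assumptions; on a real server the input would be `netstat -ant`, whose numeric output avoids the truncated host names seen in the listing above.

```shell
#!/bin/sh
# Added example (not from the thread): tally TCP connections per remote host.
# Constructed sample in netstat's column layout:
# proto Recv-Q Send-Q local-address foreign-address state
sample_netstat() {
cat <<'EOF'
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 13032 203.0.113.10:80 192.0.2.50:43880 CLOSE_WAIT
tcp 812 0 203.0.113.10:80 192.0.2.50:47457 CLOSE_WAIT
tcp 760 0 203.0.113.10:80 192.0.2.50:47185 CLOSE_WAIT
tcp 926 0 203.0.113.10:80 192.0.2.50:45943 ESTABLISHED
tcp 0 681 203.0.113.10:80 192.0.2.50:44606 LAST_ACK
tcp 574 0 203.0.113.10:80 198.51.100.7:1639 CLOSE_WAIT
tcp 0 0 203.0.113.10:80 198.51.100.7:1640 ESTABLISHED
tcp 0 0 203.0.113.10:25 198.51.100.99:61619 ESTABLISHED
EOF
}

# conn_by_remote PORT: print "COUNT REMOTE" for each remote host connected
# to local PORT, busiest first. Listening sockets are skipped.
conn_by_remote() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && NF >= 6 && $6 != "LISTEN" {
            n = split($4, loc, ":")
            if (loc[n] != port) next
            remote = $5
            sub(/:[^:]*$/, "", remote)   # drop the remote port
            count[remote]++
        }
        END { for (r in count) printf "%d %s\n", count[r], r }
    ' | sort -rn
}

# conn_states REMOTE: print "COUNT STATE" for all connections from REMOTE.
conn_states() {
    awk -v want="$1" '
        $1 ~ /^tcp/ && NF >= 6 {
            remote = $5
            sub(/:[^:]*$/, "", remote)
            if (remote == want) count[$6]++
        }
        END { for (s in count) printf "%d %s\n", count[s], s }
    ' | sort -rn
}

# top_talker PORT: the remote host holding the most connections to PORT.
top_talker() {
    conn_by_remote "$1" | head -n 1 | cut -d" " -f2
}

sample_netstat | conn_by_remote 80
sample_netstat | conn_states "$(sample_netstat | top_talker 80)"
```

A large CLOSE_WAIT count means the remote side has already closed and the local server process has not yet closed its end, so it points at the web server's own handling as much as at the client.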
blackraider
Forum member

Registered: 2006-11-19
Posts: 492

Posted: 2007-03-27 20:07:06    Subject:

First, I would like to know how you determined that you are under attack on the services you have exposed. Often these are not attacks at all but configuration problems.

Second: have you already started looking for vulnerabilities on your server? If you haven't, you can do so with Nessus (right now among the best there is for vulnerability analysis). The results can tell you which things you need to change to make your server more secure.

Third: have you run a port scan against your server to find out what kinds of attacks you are exposed to? Many of these attacks can be prevented by modifying iptables and the kernel itself (SYN flood, DoS, etc.).

Fourth: "I have this problem, please solve it for me" doesn't go down very well here. To be able to help you we need as much info as possible. If you don't give info we won't be able to help you and you will just waste our time.

Please post the information about the "public" services you currently run, with their respective versions, and the measures you have taken so far, both to determine that it is an attack and to mitigate its possible adverse effects. It would also help if you specified whether the services you provide are for an intranet or for the general public, the type of network hardware you are using, and the bandwidth you have allocated to these services.


Regards. blackraider.
TheBalrog
BOFH
Registered: 2004-04-05
Posts: 3012

Posted: 2007-03-27 21:52:29    Subject:

blackraider, I take my hat off to your reply ;)
tuxnet
Forum member
Registered: 2013-12-08
Posts: 4

Posted: 2013-12-21 17:33:43    Subject:

I'm looking at installing this program and I have some questions.

I'm preparing an executable script that runs at startup with iptables rules, to NAT from a Wi-Fi network 10.4.0.0 to a local network on 192.168.0.0, among other things.
My question is whether fail2ban deletes the script's rules or adds to them?

Regards!




