Differences

This shows you the differences between two versions of the page.

--- computers:securitynotes [2007/03/12 14:07] – david
+++ computers:securitynotes [2007/04/25 12:00] (current) – david
@@ Line 1: / Line 1: @@
+====== Checking Open Ports ======
 This [[http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/security-guide/s1-server-ports.html|Red Hat Security Page]] had a great list of things you can check.
@@ Line 54: / Line 56: @@
 The presence of the open port in //netstat// is reassuring because a cracker opening a port surreptitiously on a hacked system would likely not allow it to be revealed through this command. Also, the [p] option reveals the process id (PID) of the service which opened the port. In this case the open port belongs to //ypbind// (NIS), which is an RPC service handled in conjunction with the //portmap// service.
-The lsof command reveals similar information since it is also capable of linking open ports to services:
+The //lsof// command reveals similar information since it is also capable of linking open ports to services:
 <code>
@@ Line 70: / Line 72: @@
 As you can see, these tools can reveal a great about the status of the services running on a machine. These tools are flexible and can provide a wealth of information about network services and configuration. Consulting the man pages for //lsof//, //netstat//, //nmap//, and services is therefore highly recommended.
+====== Dropping Unwanted Packets ======
+Some dude/dudette was flooding the apache server with requests, so I added an iptables rule to drop packets from his/her IP.
+<code>
+# drop all incoming packets from 88.241.152.169
+iptables -I INPUT -s 88.241.152.169 -j DROP
+# list your iptables rules
+iptables -L -n
+</code>