
[cobalt-security] RE: RE: Shut myself in the foot... I think (I locked myself out) IpChains - LMAO!



> Message: 3
> From: Gerald Waugh <gwaugh@xxxxxxxxxxxxxxxxxxxxxxx>
> Organization: Front Street Networks LLC
> To: cobalt-security@xxxxxxxxxxxxxxx
> Subject: Re: [cobalt-security] Did I just shoot myself in the foot? (IPChains)
> Date: Sat, 4 May 2002 14:08:14 -0400
> Reply-To: cobalt-security@xxxxxxxxxxxxxxx
> 
> On Saturday 04 May 2002 01:52 pm, Nicolae wrote:
> > ipchains -A input -j DENY -p all -l -s 65.170.XX.XXX/0 -d 0.0.0.0/0
> >
> > I am concerned about the line above... Did I lock everything?  I
> > should've gone with the cron shell or every 10 minutes to reload /
> > flush things..
> >
> > I was testing it and trying to block the above IP from trying to login
> > to FTP anonymous.  I also wanted to block few IPs that belong to *.tw
> >
> 
> Not sure, what is the -I for? It looks to me like a syntax error (-I is for
> insert, kind of the same as -A).
> Are you sure the rule is installed?
> If you want to block ftp, it is easier to use /etc/hosts.deny
> in.proftpd :  65.170.XX.XXX
> Are you still logged in?
> Look at ipchains -L -n
> and see if the rule is running!
> 
> 

I installed chains, and tried locking someone with the listed IP below.

I read careful notes and such but I think the -d 0.0.0.0/0 etc worries
me.

[root /etc]# tail ipchains.rules
:input ACCEPT
:forward ACCEPT
:output ACCEPT
-A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 137:137 -p 6 -j REJECT -l
-A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 138:138 -p 6 -j REJECT -l
-A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 139:139 -p 6 -j REJECT -l
-A forward -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -j DENY
[root /etc]# ipchains -A input -j DENY -p all -l -s 65.170.79.187/0 -d 0.0.0.0/0
sh: ipchains: command not found
[root /etc]# /sbin/ipchains -A input -j DENY -p all -l -s 65.170.79.187/0 -d 0.0.0.0/0
[root /etc]#

I rerouted my dns to a backup site I have just recently in case the box
is unusable.

Holy SHI*! I'm so fked up... hahaha I must've stayed up too late last
night or lost my mind.

I don't think I'm fit to have a box!  HAHAHAHAAHAH This is sooooo lame!

My BOX IPs are: 65.170.79.187 and 188.  YOU FIGURE out what I did... 

I knew that IP seemed familiar.  It is also in my block of RoadRunner
66.27.x.xx but I was too caught up into setting up chains and forgot
about MY OWN ip OF the box.

LMAO!

p.s. Can this also be used to render the box useless and only way around
it is to "RECOVER ISO Disk"
and install everything from scratch?

It is sort of nice though, when your "lease" is up and you are not sure
what your co-location data
center might do with the box or data inside it.. just format everything
or "LOCK-UP" the box. Right?

Nicolae Popescu
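
An added example, not part of the original message or of ipchains itself: a pre-flight check that parses an ipchains rule before it is loaded and reports whether a blocking input rule would match addresses that must stay reachable. It shows that the `/0` mask in the rule above matches every source address, while `/32` matches only the one host. It only evaluates rules that apply to all protocols; the function names and the admin address 192.0.2.10 are assumptions made for the illustration.

```python
import ipaddress
import shlex

ANY = ipaddress.ip_network("0.0.0.0/0")
BLOCKING = ("DENY", "REJECT")

def parse_rule(rule):
    """Pull chain, target, protocol and source/destination out of an ipchains rule."""
    fields = {"chain": None, "target": None, "proto": "all", "src": ANY, "dst": ANY}
    tokens = shlex.split(rule)
    for flag, value in zip(tokens, tokens[1:]):
        if flag in ("-A", "-I"):
            fields["chain"] = value
        elif flag == "-j":
            fields["target"] = value
        elif flag == "-p":
            fields["proto"] = value
        elif flag in ("-s", "-d"):
            # strict=False masks off host bits, as the packet filter does,
            # so 65.170.79.187/0 becomes 0.0.0.0/0.
            key = "src" if flag == "-s" else "dst"
            fields[key] = ipaddress.ip_network(value, strict=False)
    return fields

def lockout_findings(rule, protected):
    """List reasons a blocking all-protocol input rule would cut off a protected address."""
    r = parse_rule(rule)
    if r["chain"] != "input" or r["target"] not in BLOCKING or r["proto"] != "all":
        return []
    findings = []
    if r["src"] == ANY:
        findings.append("source matches every address (mask /0 or no -s)")
    for addr in protected:
        if ipaddress.ip_address(addr) in r["src"]:
            findings.append(f"{r['target']} would apply to protected address {addr}")
    return findings

# The rule as typed in the message, and the same rule with a host mask.
AS_TYPED = "ipchains -A input -j DENY -p all -l -s 65.170.79.187/0 -d 0.0.0.0/0"
HOST_ONLY = "ipchains -A input -j DENY -p all -l -s 65.170.79.187/32 -d 0.0.0.0/0"
# Constructed admin workstation address (documentation range), an assumption.
ADMIN_ADDRS = ["192.0.2.10"]

if __name__ == "__main__":
    for rule in (AS_TYPED, HOST_ONLY):
        print(rule)
        for finding in lockout_findings(rule, ADMIN_ADDRS) or ["no lockout risk found"]:
            print("   " + finding)
```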