All Questions
166 questions
3 votes, 0 answers, 498 views
MITM redirecting to my own NTP server, blocking traffic to Apple NTP pool
CONFIGURATIONS
ipv4.forwarding 1 (ON)
arp_cache_poisoning between VICTIM & D.G.. (192.168.1.100 & 192.168.1.1)
**LAN**
VICTIM: 192.168.1.100
ATTACKER: ...
2 votes, 2 answers, 1k views
Change all rules in iptables when changing IP address
I have a network gateway system using iptables to allow/deny traffic to/from an internal network. I have to manually add and remove rules in iptables depending on the requirements of the entities in ...
2 votes, 1 answer, 5k views
Blacklisting port-scanner via iptables
I operate a VPN server and am having issues with DDoS attackers port-scanning my VPN for open ports to flood. I need a rule that will blacklist them after they have contacted X ports in Y seconds, so ...
2 votes, 2 answers, 2k views
iptables drop all packets that do not come from two specific subnets
I want to drop all packets that do not come with a source IP in the subnets 11.2.4.0/24 and 11.2.3.0/24
I thought about doing something like so:
iptables -A OUTPUT ! -s 11.2.4.0/24,11.2.3.0/24 -j DROP
...
2 votes, 1 answer, 9k views
RULE_APPEND failed (iptables)
I'm working on an assignment in which I have to create some custom firewall rules on a Debian router. I'm using iptables to create the rules. Here's the thing, whenever I try to add this rule: ...
2 votes, 1 answer, 6k views
using iptables to prevent RST related to a specific port
I have a program which uses libpcap to capture incoming TCP SYN packets, these SYN packets are destined for a specific port.
But I have no tcp listening socket for that port, so in practice, the OS ...
2 votes, 1 answer, 11k views
Block ARP requests (or broadcast message, if possible) from A SPECIFIC HOST in a subnet
My ISP provides a username-password for authentication and also registers the client's MAC address for authentication.
I am concerned about someone misusing my connection while I am not using it. ...
2 votes, 1 answer, 94 views
Firewall to accept only Wikipedia traffic
I have a challenge where I need to accept only traffic from Wikipedia.org
I am familiar with iptables and understand network basics.
For Facebook traffic, I could use
whois -h whois.radb.net -- '-i ...
2 votes, 1 answer, 21k views
TCP connect: No route to host
I started a tcp server on a host A and then started a tcp client on another host B.
Both hosts are in the same LAN via the wireless router at home.
The tcp client tries to connect to tcp server on port ...
2 votes, 1 answer, 510 views
Most secure way to have IPtables auto-loaded using Debian / Linux
I'd like to know the safest way to load iptables using Debian. Of course, I can use a script that uses iptables-restore :
#!/bin/sh
iptables-restore < /etc/firewall.conf
but :
1) where is the ...
2 votes, 3 answers, 568 views
outgoing ssh fails from only one machine on lan to outside network
I have multiple servers in my LAN (which I'll refer to as Box1), and they are all able to make outgoing SSH connections, except one that stopped recently, which I'll refer to as Box2 (actually, I'm ...
2 votes, 1 answer, 2k views
iptables FORWARD rule
I'm running 3 virtual machines with Fedora 19. Machine B is set up with two network adapters and provides the channel between machine A and machine C.
The machine A IP is set to 192.168.1.1 and ...
2 votes, 0 answers, 90 views
How can I easily and quickly block domains across my whole network using a uMatrix-style visual interface? [closed]
I am looking for a way to easily and quickly manage a list of blocked domains on my entire network.
I am aware of - and have used many tools which can do this, such as a hardware firewall, a ...
2 votes, 2 answers, 3k views
configure iptables to block all(as much as possible) bittorrent traffic
Good day all
This is my current iptables setup
# Generated by iptables-save v1.4.7 on Wed Apr 9 13:50:31 2014
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:LOGDROP - [0:0]
-...
2 votes, 4 answers, 961 views
Block all but http traffic on a network interface
I've got two network interfaces on an Ubuntu machine which go out to two different networks but both have internet gateways.
I need to limit it so that any outgoing http requests it makes (ie ...