The recent module

Protection against port scanners

iptables -A INPUT -m recent --rcheck --name DENY --rsource -j DROP

iptables -A INPUT -p tcp -m multiport --dports 1,5,10 -m recent --set --name DENY --rsource -j LOG --log-prefix "DENY: portscanner"

List of blocked IPs

more /proc/net/ipt_recent/DENY

Clear the list of blocked IPs

echo clear > /proc/net/ipt_recent/DENY

Remove an IP from the list of blocked IPs

echo -192.168.0.15 > /proc/net/ipt_recent/DENY

* The path to the DENY file may differ depending on the kernel version, e.g. /proc/net/xt_recent/DENY

Extract the IPs that matched a rule from syslog

grep -Eo "DENY.*SRC=[0-9.]+" /var/log/syslog | grep -Eo '[0-9.]+$'
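
The grep pipeline above prints one address per log line. The following added example (not part of the original post) summarizes the same "DENY: portscanner" entries per source, with a hit count and the trap ports touched. The function names deny_report and sample_log are hypothetical, and the log lines are constructed.

```shell
#!/bin/sh
# Added example: per-source summary of "DENY: portscanner" log entries.

# Constructed sample lines in the kernel netfilter LOG format (not real traffic).
sample_log() {
cat <<'EOF'
Mar  3 10:15:01 fw kernel: [  101.1] DENY: portscannerIN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=44 TTL=54 PROTO=TCP SPT=40211 DPT=5 SYN
Mar  3 10:15:09 fw sshd[812]: Accepted publickey for admin from 192.0.2.50 port 50022
Mar  3 10:16:40 fw kernel: [  200.4] DENY: portscannerIN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 LEN=44 TTL=49 PROTO=TCP SPT=51512 DPT=5 SYN
Mar  4 08:02:11 fw kernel: [ 9000.2] DENY: portscannerIN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=44 TTL=54 PROTO=TCP SPT=40980 DPT=1 SYN
Mar  4 08:02:12 fw kernel: [ 9001.0] OTHER: IN=eth0 OUT= SRC=203.0.113.99 DST=192.0.2.10 PROTO=TCP SPT=1 DPT=22 SYN
Mar  5 23:40:57 fw kernel: [19000.9] DENY: portscannerIN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=44 TTL=54 PROTO=TCP SPT=41877 DPT=10 SYN
EOF
}

# deny_report [FILE...] -> "<hits> <source> <ports in order first seen>"
# Reads stdin when no file is given. Only lines carrying the rule's log
# prefix are counted; other LOG rules and other daemons are ignored.
deny_report() {
    awk '
    /DENY: portscanner/ {
        src = ""; dpt = ""
        # SRC= and DPT= are whitespace-separated fields even though the
        # prefix has no trailing space ("portscannerIN=eth0").
        for (i = 1; i <= NF; i++) {
            if (src == "" && $i ~ /^SRC=[0-9.]+$/) src = substr($i, 5)
            else if (dpt == "" && $i ~ /^DPT=[0-9]+$/) dpt = substr($i, 5)
        }
        if (src == "") next
        hits[src]++
        if (dpt != "" && !seen[src, dpt]++)
            ports[src] = (ports[src] == "" ? dpt : ports[src] "," dpt)
    }
    END {
        for (s in hits)
            print hits[s], s, (ports[s] == "" ? "-" : ports[s])
    }' "$@" | sort -k1,1nr -k2,2
}

# Demo on the constructed lines; on a host: deny_report /var/log/syslog
sample_log | deny_report
```

Because the first rule drops a listed source before it reaches the LOG rule, a count above 1 means the address was logged again after leaving the DENY list (for example after the list was cleared).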