Reply To: my zeroshell compromised [hacked]


#51065

atheling
Member

“firewall chains as per defaults -> accept.”

That might be the default to allow you into a new installation to configure it, but the more general practice by firewall administrators is to have a default policy of reject and then specific rules to pass desired traffic.

I have noticed a number of attempts to hack my Asterisk box, usually by brute force dictionary attacks. I don’t know of a way in Asterisk itself to block this. But you can greatly reduce the issue with a couple of rules in your firewall. I get a bit confused by the GUI, and a lot of examples on how to do things on the web assume just straight iptables, so I put the following into my “NAT and Virtual Servers” script. It basically cuts off an IP address if there are too many new connections (log in attempts) in a short amount of time. Don’t do this on HTTP because each fetch is another connection.

Each protocol has two sets of entries, one for each of my two WAN links.

# Block dictionary and flood attacks against traffic to servers.
# Each port/interface gets a pair of rules: the first DROPs a NEW connection
# when the source address has already been seen --hitcount times within
# --seconds; the second records the source. Rules are evaluated in order, so a
# dropped packet never reaches the --set rule. No --name is given, so every
# rule below shares the single default recent list: hits on one port also
# count toward the threshold on every other port.
iptables -t filter -N custom_forward
# SSH port
iptables -t filter -A custom_forward -p tcp --dport 22 -i ETH01 -m state --state NEW -m recent --update --seconds 600 --hitcount 4 -j DROP
iptables -t filter -A custom_forward -p tcp --dport 22 -i ETH01 -m state --state NEW -m recent --set
iptables -t filter -A custom_forward -p tcp --dport 22 -i ppp0 -m state --state NEW -m recent --update --seconds 600 --hitcount 4 -j DROP
iptables -t filter -A custom_forward -p tcp --dport 22 -i ppp0 -m state --state NEW -m recent --set
# POP3 port
iptables -t filter -A custom_forward -p tcp --dport 110 -i ETH01 -m state --state NEW -m recent --update --seconds 60 --hitcount 10 -j DROP
iptables -t filter -A custom_forward -p tcp --dport 110 -i ETH01 -m state --state NEW -m recent --set
iptables -t filter -A custom_forward -p tcp --dport 110 -i ppp0 -m state --state NEW -m recent --update --seconds 60 --hitcount 10 -j DROP
iptables -t filter -A custom_forward -p tcp --dport 110 -i ppp0 -m state --state NEW -m recent --set
# Mail submission port
iptables -t filter -A custom_forward -p tcp --dport 587 -i ETH01 -m state --state NEW -m recent --update --seconds 60 --hitcount 10 -j DROP
iptables -t filter -A custom_forward -p tcp --dport 587 -i ETH01 -m state --state NEW -m recent --set
iptables -t filter -A custom_forward -p tcp --dport 587 -i ppp0 -m state --state NEW -m recent --update --seconds 60 --hitcount 10 -j DROP
iptables -t filter -A custom_forward -p tcp --dport 587 -i ppp0 -m state --state NEW -m recent --set
# POP3S port
iptables -t filter -A custom_forward -p tcp --dport 995 -i ETH01 -m state --state NEW -m recent --update --seconds 60 --hitcount 10 -j DROP
iptables -t filter -A custom_forward -p tcp --dport 995 -i ETH01 -m state --state NEW -m recent --set
iptables -t filter -A custom_forward -p tcp --dport 995 -i ppp0 -m state --state NEW -m recent --update --seconds 60 --hitcount 10 -j DROP
iptables -t filter -A custom_forward -p tcp --dport 995 -i ppp0 -m state --state NEW -m recent --set
# CVS port
iptables -t filter -A custom_forward -p tcp --dport 2401 -i ETH01 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP
iptables -t filter -A custom_forward -p tcp --dport 2401 -i ETH01 -m state --state NEW -m recent --set
iptables -t filter -A custom_forward -p tcp --dport 2401 -i ppp0 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP
iptables -t filter -A custom_forward -p tcp --dport 2401 -i ppp0 -m state --state NEW -m recent --set
# SIP port (UDP; conntrack still classifies the first datagram of a flow as NEW)
iptables -t filter -A custom_forward -p udp --dport 5060 -i ETH01 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP
iptables -t filter -A custom_forward -p udp --dport 5060 -i ETH01 -m state --state NEW -m recent --set
iptables -t filter -A custom_forward -p udp --dport 5060 -i ppp0 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP
iptables -t filter -A custom_forward -p udp --dport 5060 -i ppp0 -m state --state NEW -m recent --set
# Hand forwarded traffic to the custom chain; it only ever DROPs or returns
iptables -t filter -A FORWARD -j custom_forward
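The post's rule pairs rely on the `recent` match, whose counting is easy to misjudge: with `--hitcount 4` the first four NEW connections pass and the fifth is dropped, a dropped attempt refreshes the entry so a persistent attacker stays blocked, and because none of the rules carry `--name`, attempts on one port count toward the threshold on every other port. The following model of that behaviour is an added example, not code from the post or from ZeroShell; it follows the xt_recent semantics (`--update` matches when the source has at least `--hitcount` timestamps inside the last `--seconds` and then appends a timestamp; `--set` appends one unconditionally), models a single interface, and uses constructed traffic from made-up addresses. The `svcNNN` list names stand in for what adding `--name` to each pair would do.

```python
"""Model of the iptables 'recent' match behind --update/--set rule pairs.

Constructed example, not code from the ZeroShell post. Semantics follow
xt_recent: --rcheck/--update match when the source address has at least
--hitcount timestamps inside the last --seconds; --update additionally
appends a timestamp when it matches; --set appends one unconditionally.
Without --name every rule uses the list called "DEFAULT".
"""
from collections import defaultdict, namedtuple

Packet = namedtuple("Packet", "t src dport")   # t in seconds; each is a NEW connection

# xt_recent keeps a ring of at most ip_pkt_list_tot (default 20) stamps per entry
MAX_STAMPS = 20


class RecentTable:
    """All named lists: name -> source address -> list of hit timestamps."""

    def __init__(self):
        self.lists = defaultdict(dict)

    def _record(self, name, src, now):
        stamps = self.lists[name].setdefault(src, [])
        stamps.append(now)
        if len(stamps) > MAX_STAMPS:        # the oldest stamp is overwritten
            del stamps[0]

    def update(self, name, src, now, seconds, hitcount):
        """--update --seconds S --hitcount N: match if src has >= N stamps in the window."""
        stamps = self.lists[name].get(src)
        if stamps is None:
            return False
        hits = sum(1 for t in stamps if now - t <= seconds)
        if hits >= hitcount:
            self._record(name, src, now)    # --update refreshes the entry on match
            return True
        return False

    def set(self, name, src, now):
        """--set: record the hit; always matches."""
        self._record(name, src, now)


# (dport, --seconds, --hitcount, --name) with the post's thresholds on one
# interface; the post sets no --name, so every pair shares "DEFAULT".
POST_RULES = [
    (22, 600, 4, "DEFAULT"),
    (110, 60, 10, "DEFAULT"),
    (587, 60, 10, "DEFAULT"),
    (995, 60, 10, "DEFAULT"),
    (2401, 60, 4, "DEFAULT"),
    (5060, 60, 4, "DEFAULT"),
]
# Same thresholds with one list per service (hypothetical --name svcNNN)
NAMED_RULES = [(p, s, h, "svc%d" % p) for p, s, h, _ in POST_RULES]


def walk_chain(table, rules, pkt):
    """Run one NEW packet through the custom_forward chain: 'DROP' or 'RETURN'."""
    for dport, seconds, hitcount, name in rules:
        if pkt.dport != dport:
            continue
        if table.update(name, pkt.src, pkt.t, seconds, hitcount):
            return "DROP"                   # first rule of the pair matched
        table.set(name, pkt.src, pkt.t)     # second rule: remember this source
    return "RETURN"                         # back to FORWARD; no verdict here


def simulate(rules, packets):
    """Verdict for each packet, in order, starting from an empty recent table."""
    table = RecentTable()
    return [walk_chain(table, rules, p) for p in packets]


# Constructed traffic: one source hammers SSH once a second, then tries SIP.
ATTACKER = "203.0.113.7"
BURST = [Packet(t, ATTACKER, 22) for t in range(6)] + [Packet(10, ATTACKER, 5060)]
# The same source retrying SSH every five minutes after the burst
SLOW = [Packet(t, ATTACKER, 22) for t in (0, 1, 2, 3, 4, 5, 300, 600, 900)]

if __name__ == "__main__":
    for label, rules in (("shared list", POST_RULES), ("named lists", NAMED_RULES)):
        print(label, simulate(rules, BURST))
    print("slow retry", simulate(NAMED_RULES, SLOW))
```

Running it shows the shared list dropping the attacker's very first SIP attempt because of its SSH history, while the named lists judge SIP on its own, and that retries at 300 and 600 seconds stay blocked but the one at 900 seconds gets through once only two stamps remain inside the 600-second window. Two practical consequences: add `--name` per service if cross-port counting is not what you want, and remember that the module stores at most `ip_pkt_list_tot` (20 by default) timestamps per address, so a `--hitcount` above that needs the module parameter raised.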