Wednesday, September 3, 2014

[Quick Tips]: How to protect a Linux server from port scanning and smurf attacks with iptables

In this post I will share an iptables script that protects a Linux server from port scanning and smurf attacks.
Features of the script:
(1) When an attacker tries to port scan your server, three things happen. First, because of the iptables rules, the attacker gets no information about which ports are open. Second, the attacking IP address is blacklisted for 24 hours (you can change this in the script). Third, after that the attacker cannot access anything on the server: for example, the attacker cannot see any website running on the server in a web browser and cannot connect with ssh or telnet. In other words, the address is completely restricted.
(2) Protects from smurf attacks.
(3) Written with iptables only, hence no system performance issues such as high CPU or memory usage. No third-party tool is used.
Note: You can add or remove port numbers as per your requirements.
Description of the server where we will implement the iptables script:
Operating System: CentOS 6.4 (applicable to Red Hat and CentOS servers)
IP Address: 192.168.1.4
Now we will create the script.
Step 1: Create a bash script with the name iptablescript.sh
Step 2: Now paste the script contents given below into your bash script file iptablescript.sh
Step 3: Give read, write and execute permission to the root user only (for security).
Step 4: Now run the script
Step 6: Now check the iptables rules with the following command

Now we will test from a remote system against the server where we have implemented the iptables rules.

Step 7: Log in to any other system and try to port scan the server
Step 8: The result on your system should now look like the following:
(a) No output from nmap
(b) Not able to telnet to any port, e.g. telnet Server-ip-address 22
After running nmap (that is, a port scan), your IP address is blacklisted.
You can find your system's IP address in the messages log on the server by searching for the keyword portscan.
So log back in to your server and check the messages log in /var/log
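
One way to review those log entries, as an added example that is not part of the original post: the shell function below summarises each logged source address (number of hits, distinct destination ports probed, first and last time seen). It assumes the script's LOG rule writes the standard netfilter fields (SRC=, DPT=) with a prefix containing portscan; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not the post's script). Assumes the iptables LOG rule uses a
# prefix containing "portscan" and the kernel writes SRC= / DPT= fields.

# Constructed sample in the syslog format produced by the iptables LOG target.
sample_log() {
cat <<'EOF'
Sep  3 10:15:01 server kernel: portscan:IN=eth0 OUT= SRC=192.168.1.20 DST=192.168.1.4 LEN=44 PROTO=TCP SPT=40112 DPT=23
Sep  3 10:15:01 server kernel: portscan:IN=eth0 OUT= SRC=192.168.1.20 DST=192.168.1.4 LEN=44 PROTO=TCP SPT=40112 DPT=443
Sep  3 10:15:02 server kernel: portscan:IN=eth0 OUT= SRC=192.168.1.20 DST=192.168.1.4 LEN=44 PROTO=TCP SPT=40113 DPT=23
Sep  3 10:16:40 server sshd[2101]: Accepted password for admin from 192.168.1.9 port 50522 ssh2
Sep  3 11:02:17 server kernel: portscan:IN=eth0 OUT= SRC=192.168.1.31 DST=192.168.1.4 LEN=44 PROTO=TCP SPT=51000 DPT=3306
EOF
}

# Read syslog lines on stdin; print one tab-separated line per source address:
#   source-ip  hits  distinct-destination-ports  first-seen  last-seen
# Sources with the most hits come first.
portscan_summary() {
  tab=$(printf '\t')
  awk '
    /kernel:/ && /portscan/ {
      src = ""; dpt = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^SRC=/) src = substr($i, 5)
        else if ($i ~ /^DPT=/) dpt = substr($i, 5)
      }
      if (src == "") next                      # not a netfilter log line
      ts = $1 " " $2 " " $3                    # syslog timestamp
      if (!(src in hits)) first[src] = ts
      hits[src]++
      last[src] = ts
      # Count each destination port once per source (ICMP has no DPT=).
      if (dpt != "" && !((src, dpt) in seen)) { seen[src, dpt] = 1; ports[src]++ }
    }
    END {
      for (s in hits)
        printf "%s\t%d\t%d\t%s\t%s\n", s, hits[s], ports[s], first[s], last[s]
    }
  ' | sort -t "$tab" -k2,2nr -k1,1
}

# On the server: portscan_summary < /var/log/messages
sample_log | portscan_summary
```
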
Note: how to install nmap
