Subj : Unwanted connections to port 23.
To : Ignatius
From : Janis Kracht
Date : Tue Oct 24 2017 01:06 pm
Hi Joseph,
> I've since recently put my board back on port 23... and I now recall why I
> took it off of it. I keep getting all of these connections from hackers, I
> take it. Anyone know of a way to filter these bad connections?
> I've tried Janis' iptables suggestion, but it isn't working.
The first thing I do after a reboot (which happens rarely) is turn off iptables
since ubuntu starts if right off the bat everytime automatically:
iptables -F
iptables -X
The above two commands do that. Once I've turned it off, I restart it with my
own parameters in the two lines below:
For my web server which I run on port 8080:
1)sudo iptables -I INPUT -p tcp --dport 8080 -i eth0 -m state --state NEW -m
recent --set [all on one line]
2)sudo iptables -I INPUT -p tcp --dport 8080 -i eth0 -m state --state NEW -m
recent --update --seconds 60 --hitcount 2 -j DROP [all on one line]
I could use the same commands for my telnet server which runs on port 2030, so
to include the telnet port I would change "dport 8080" with dport 2030 in the
lines above. If you are using port 23, you would change dport to 23 above.
Finally, I issue the command:
sudo iptables -L
to check that I've got the iptables command that I want:
bbs@filegate:~$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP tcp -- anywhere anywhere tcp dpt:http-alt
state NEW recent: UPDATE seconds: 60 hit_count: 2 name: DEFAULT side: source
tcp -- anywhere anywhere tcp
dpt:http-alt state NEW recent: SET name: DEFAULT side: source
