Tag Archives: firewall
Block Incoming IP Using dd-wrt (iptables)
While reviewing logs on the email server I noticed 112.121.136.26 trying to authenticate via SASL.
This is not a normal IP that would be relaying email through the server, so I decided to block it at the firewall.
Undoubtedly, someone was trying to relay spam, whether they were aware or not.
First, I logged into my firewall via ssh to get a rule in place immediately:
iptables -I CHAIN -s 112.121.136.26 -j DROP
Listing the rules:
iptables -L --line-number
1 DROP 0 -- ppp-112.121.136.26.revip.proen.co.th anywhere
Shows the new rule at the top of the chain. Exactly where I need it.
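The same log triage done mechanically, as an added example that is not part of the original post: it counts SASL authentication failures per source IP and prints (does not apply) the matching DROP rules. It assumes Postfix-style log lines; the function names, threshold, allowlist and sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes Postfix-style log lines;
# function names are hypothetical. Rules are printed, not applied.

# Constructed sample log (RFC 5737 documentation addresses, one malformed IP).
sample_log() {
cat <<'EOF'
May 19 03:11:02 mail postfix/smtpd[2211]: warning: unknown[203.0.113.45]: SASL LOGIN authentication failed: authentication failure
May 19 03:11:09 mail postfix/smtpd[2211]: warning: unknown[203.0.113.45]: SASL LOGIN authentication failed: authentication failure
May 19 03:11:15 mail postfix/smtpd[2214]: warning: unknown[203.0.113.45]: SASL PLAIN authentication failed: authentication failure
May 19 03:12:40 mail postfix/smtpd[2230]: warning: host.example[198.51.100.7]: SASL LOGIN authentication failed: authentication failure
May 19 03:13:01 mail postfix/smtpd[2231]: connect from unknown[192.0.2.10]
May 19 03:13:05 mail postfix/smtpd[2231]: warning: unknown[999.1.1.1]: SASL LOGIN authentication failed: authentication failure
EOF
}

# Read a mail log on stdin; print "count ip" per failing source, busiest first.
sasl_failures() {
    sed -n 's/.*\[\([0-9][0-9.]*\)]: SASL [A-Za-z0-9-]* authentication failed.*/\1/p' \
        | sort | uniq -c | sort -rn | awk '{ print $1, $2 }'
}

# Succeed only for a well-formed dotted-quad IPv4 address.
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. 'NF != 4 { exit 1 } { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Read a mail log on stdin; print one DROP rule per offending IP.
# $1 = chain to insert into, $2 = minimum failures, $3 = space-separated allowlist.
block_rules() {
    chain=$1; min=$2; allow=$3
    sasl_failures | while read -r count ip; do
        [ "$count" -ge "$min" ] || continue          # below threshold
        valid_ipv4 "$ip" || continue                 # never pass junk to iptables
        case " $allow " in *" $ip "*) continue ;; esac   # known-good client
        echo "iptables -I $chain -s $ip -j DROP"
    done
}

# Demo: three or more failures, with 198.51.100.7 treated as a known client.
sample_log | block_rules INPUT 3 "198.51.100.7"
```

Adding -n to the listing command (iptables -L -n --line-numbers) shows the blocked source as an address rather than the reverse-DNS name seen in the output above.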
First IPTables Fracas
I decided to start firewalling all my internal servers… Ok, what that really means is I decided to try it out on a junk box.
I went for the complete “nothing in, nothing out unless I expressly permitted it” approach. Below is what I came up with (with some help from the LUG).
----Start Script
# Setup variables
OURIF="eth0"
OURLO="lo"
OURIP="ip.ip.ip.ip"
OURDNS1="ip.ip.ip.ip"
OURDNS2="ip.ip.ip.ip"
OURSMTP="mx.spammer.com"
OURBACK="loadsodisk"
OURNTP1="time1"
OURNTP2="time2"
OURLOG="throneloaf"
# Flush all chains
/sbin/iptables --flush
# Set default policies
/sbin/iptables --policy INPUT DROP
/sbin/iptables --policy OUTPUT DROP
/sbin/iptables --policy FORWARD DROP