Hello list!
Is it me, or do you guys not like me???
Every time I post some questions, nobody answers me... snif

Well, this is not what I came here for!

I really want to learn more about ipchains and I'm doing well by myself, but
I still need some light :)
Question 1:
Here is my basic script:
#!/bin/sh
PATH=/sbin

ipchains -P input ACCEPT
ipchains -P output ACCEPT
ipchains -P forward ACCEPT
ipchains -F
ipchains -P input REJECT
ipchains -P output REJECT
ipchains -P forward REJECT
ipchains -A input -p tcp -s 192.168.0.0/24 -d 192.168.1.3 22 -j ACCEPT
ipchains -A input -p tcp -s 192.168.0.0/24 -d 192.168.1.3 23 -j ACCEPT
ipchains -A output -p tcp -s 192.168.1.3 22 -d 192.168.0.0/24 -j ACCEPT
ipchains -A output -p tcp -s 192.168.1.3 23 -d 192.168.0.0/24 -j ACCEPT
ipchains -A input -s 0/0 -d 0/0 -j REJECT -l
ipchains -A output -s 0/0 -d 0/0 -j REJECT -l

The last two lines are what I want to know about: if I move them to the top
of the script, then even if I open telnet and ssh like I did, ipchains
doesn't accept connections for telnet and ssh. Why???
I use these last two lines for debugging purposes, and I know that if I
comment these lines out, everything below will work, but I don't understand
why!

Question 2
Everybody knows about hackers partying on internet servers they don't own,
so I have an idea and don't know if it's possible.
What if we put a program to check our systems (servers) like portsentry,
iplogger or whatever, and create a script or program to filter these logs,
grab the attacker's IP, and auto-generate ipchains rules against the
intruder???
I mean, to take over a server you need to scan it first, or do a search for
open ports, and then attack (DoS attacks and many others). For example, port
scanner searches are fast (less than 1 sec for x ports) but they come from
the same source; based on this, the "magic program or script" will lock up
IPs that change from one port to another in x secs and then generate an
ipchains whatever -j REJECT.
This is just an idea and an example. Can this kind of program be made, or
does it already exist?

Thanks
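The log-filtering idea from Question 2, as an added example that is not part of the original post: it reads the lines an `ipchains ... -l` rule writes to the kernel log, flags any source that touches several distinct ports within a few seconds, and prints a REJECT rule for it. The function names, thresholds, allow list and sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime

# Shape of a kernel log line written by an ipchains rule that carries -l.
LOG_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ kernel: Packet log: input (?:REJECT|DENY) "
    r"\S+ PROTO=\d+ (\d+\.\d+\.\d+\.\d+):\d+ \d+\.\d+\.\d+\.\d+:(\d+) ")

def find_scanners(lines, window=5, min_ports=4, allow=("192.168.0.0/24",)):
    """Sources that hit >= min_ports distinct ports within `window` seconds."""
    trusted = [ipaddress.ip_network(net) for net in allow]
    recent = defaultdict(deque)          # source -> deque of (time, dst port)
    flagged = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        try:
            src = ipaddress.ip_address(m.group(2))   # never trust raw log text
        except ValueError:
            continue
        if str(src) in flagged or any(src in net for net in trusted):
            continue                     # already blocked, or must never be blocked
        # syslog stamps carry no year; a fixed one is enough to compute deltas
        ts = datetime.strptime("2000 " + m.group(1), "%Y %b %d %H:%M:%S")
        hits = recent[src]
        hits.append((ts, int(m.group(3))))
        while (ts - hits[0][0]).total_seconds() > window:
            hits.popleft()               # forget probes older than the window
        if len({port for _, port in hits}) >= min_ports:
            flagged.append(str(src))
    return flagged

def block_rules(sources):
    """Insert at position 1: ipchains stops at the first rule that matches."""
    return [f"ipchains -I input 1 -s {ip} -j REJECT -l" for ip in sources]

# Constructed sample log (documentation addresses, hypothetical host "fw").
_LINE = ("Jan 10 12:00:{:02d} fw kernel: Packet log: input REJECT eth0 PROTO=6 "
         "{}:4001 192.168.1.3:{} L=60 S=0x00 I=1 F=0x4000 T=64 SYN (#3)")
SAMPLE_LOG = [_LINE.format(sec, ip, port) for sec, ip, port in [
    (1, "203.0.113.7", 21), (1, "203.0.113.7", 25), (2, "203.0.113.7", 80),
    (2, "203.0.113.7", 110), (3, "198.51.100.20", 80), (40, "198.51.100.20", 443),
    (41, "192.168.0.5", 21), (41, "192.168.0.5", 25), (41, "192.168.0.5", 80),
    (41, "192.168.0.5", 110)]]

if __name__ == "__main__":
    print("\n".join(block_rules(find_scanners(SAMPLE_LOG))))
```

Because the source address of a probe can be forged, the allow list should cover every address that must stay reachable, and the rules are printed for review rather than executed.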