Hi I''m currently setting up a game server and have opened all ports needed to run it. What other options do I have regarding protecting the open ports? I''m worried about people attacking the open ports to render the server useless. Any help or advice would be appreciated. Thank you. Recoil UK
2005/5/17, Recoil <recoiluk@syl.eclipse.co.uk>:> Hi > > I''m currently setting up a game server and have opened all ports needed to > run it.That''s good.> What other options do I have regarding protecting the open ports?> I''m worried about people attacking the open ports to render the server useless.Me too.> Any help or advice would be . >any clue or rationale about your setup and what are you trying to do would be appreciated http://www.shorewall.net/support.htm (come on ¡¡¡) ps: enough for today..I go to sleep,annoyed by silly,clueless emails, without information, like this. :@
Hello again >any clue or rationale about your setup and what are you trying to do >would be appreciated >ps: enough for today..I go to sleep,annoyed by silly,clueless emails, >without information, like this. :@ This response is typical of people in the Linux community being so totally condescending its unbelievable. What is wrong with just answering the question as you see it. I''m not saying all Linux users are like this, as I have many to thank for helping me in the past. If I knew what I was trying to do, why would I ask the question? I''m looking for advice in general, I''m not looking for answers, just pointers in the right direction, so I can work it out for myself, how else am I going to learn?. My question still stands "What options do I have in regards to protecting open ports from attack?". A perfectly reasonable question, and if I knew a possible answer I would be willing to help. If you feel you need more information to answer the question, then either don''t reply or ask for the information as you would do in a one-to-one conversation otherwise your reply isn''t welcome. Thank you RecoilUK At 09:11 17/05/2005, you wrote:>2005/5/17, Recoil <recoiluk@syl.eclipse.co.uk>: > > Hi > > > > I''m currently setting up a game server and have opened all ports needed to > > run it. > >That''s good. > > > What other options do I have regarding protecting the open ports? > > > > > I''m worried about people attacking the open ports to render the server > useless. > >Me too. > > > Any help or advice would be . > > > >any clue or rationale about your setup and what are you trying to do >would be appreciated > >http://www.shorewall.net/support.htm (come on ¡¡¡) > >ps: enough for today..I go to sleep,annoyed by silly,clueless emails, >without information, like this. :@ >_______________________________________________ >Shorewall-users mailing list >Post: Shorewall-users@lists.shorewall.net >Subscribe/Unsubscribe: >https://lists.shorewall.net/mailman/listinfo/shorewall-users >Support: http://www.shorewall.net/support.htm >FAQ: http://www.shorewall.net/FAQ.htm
Hi Recoil,> This response is typical of people in the Linux community being so totally > condescending its unbelievable. What is wrong with just answering the > question as you see it.You are right and wrong in this topic. The problem here is that this list is particulary typical to make this kind of questions that are beyond the topic of the list. Actually, the main author is tired of responding time after time this kind of questions (or burn out you might say). Regarding your question, if the firewall is well configured, the only things you can do to secure it further are: * Use the most current servers * Use an IPS * Pray :) All of them are out of the topic of this list. Hope it helps. -- Jaime Nebrera - jnebrera@eneotecnologia.com Consultor TI - ENEO Tecnologia SL Telf.- 95 455 40 62 - 619 04 55 18
I''d start here (don''t take any offense as to the title, its a good book): http://www.amazon.com/exec/obidos/tg/detail/-/0764508849/002-7463237-5166436?v=glance and another link: http://en.wikipedia.org/wiki/Intrusion-prevention_system> This response is typical of people in the Linux community being so > totally condescending its unbelievable.Do you prefer the commercial support world where the answer is "we don''t support that"? You pay nothing for expert support on lists like these. Expect that people will want details in your questions.> My question still stands "What options do I have in regards to > protecting open ports from attack?". A perfectly reasonable question, > and if I knew a possible answer I would be willing to help.I have some questions that will help me understand your problem better: #1: Is it possible to for you to "whitelist" IP Addresses to only accept connections from approved IP addresses? #2: What are the hardware specs on your firewall? #3: Do you have another machine to spare (could be used as an IDS/IPS)? #4: Please list all ports you need opened, and protocol (important). On 05/17/2005 05:13:35 AM, Recoil wrote:> Hello again > > >any clue or rationale about your setup and what are you trying to do > >would be appreciated > > >ps: enough for today..I go to sleep,annoyed by silly,clueless > emails, > >without information, like this. :@ > > This response is typical of people in the Linux community being so > totally condescending its unbelievable. What is wrong with just > answering the question as you see it. > > I''m not saying all Linux users are like this, as I have many to thank > for helping me in the past. > > If I knew what I was trying to do, why would I ask the question? > > I''m looking for advice in general, I''m not looking for answers, just > pointers in the right direction, so I can work it out for myself, how > else am I going to learn?. > > My question still stands "What options do I have in regards to > protecting open ports from attack?". A perfectly reasonable question, > and if I knew a possible answer I would be willing to help. > > If you feel you need more information to answer the question, then > either don''t reply or ask for the information as you would do in a > one-to-one conversation otherwise your reply isn''t welcome. > > Thank you > > RecoilUK > > At 09:11 17/05/2005, you wrote: >> 2005/5/17, Recoil <recoiluk@syl.eclipse.co.uk>: >> > Hi >> > >> > I''m currently setting up a game server and have opened all ports >> needed to >> > run it. >> >> That''s good. >> >> > What other options do I have regarding protecting the open ports? >> >> >> >> > I''m worried about people attacking the open ports to render the >> server useless. >> >> Me too. >> >> > Any help or advice would be . >> > >> >> any clue or rationale about your setup and what are you trying to do >> would be appreciated >> >> http://www.shorewall.net/support.htm (come on ¡¡¡) >> >> ps: enough for today..I go to sleep,annoyed by silly,clueless >> emails, >> without information, like this. :@ >> _______________________________________________ >> Shorewall-users mailing list >> Post: Shorewall-users@lists.shorewall.net >> Subscribe/Unsubscribe: >> https://lists.shorewall.net/mailman/listinfo/shorewall-users >> Support: http://www.shorewall.net/support.htm >> FAQ: http://www.shorewall.net/FAQ.htm > > > _______________________________________________ > Shorewall-users mailing list > Post: Shorewall-users@lists.shorewall.net > Subscribe/Unsubscribe: > https://lists.shorewall.net/mailman/listinfo/shorewall-users > Support: http://www.shorewall.net/support.htm > FAQ: http://www.shorewall.net/FAQ.htm > >
On Tuesday 17 May 2005 05:13, Recoil wrote:> I''m looking for advice in general, I''m not looking for answers, just > pointers in the right direction, so I can work it out for myself, how else > am I going to learn?. > > My question still stands "What options do I have in regards to protecting > open ports from attack?". A perfectly reasonable question, and if I knew a > possible answer I would be willing to help.If the port is open, then it is up to the application listening on that port to deal with any attack(s). Intusion Detection and/or Prevention Systems (IDS, IPS) may provide some additional security, but I can''t speak about these with any authority. If at all possible, restrict who can access the port. If this is _not_ a publicly available game server (ie: it''s just for you and some friends), then try to restrict which source IPs are allowed to connect. If necessary, revise the list of permitted source addresses before every game session, to make sure that stale dynamic IPs are expunged properly. If this is a publicly available game server (anyone anywhere can connect), then there''s little else you can do to restrict access. Watch your logs. Watch your network traffic. Learn to identify what is normal and abnormal behavior.
Scott Merrill wrote:> On Tuesday 17 May 2005 05:13, Recoil wrote:> > If this is a publicly available game server (anyone anywhere can connect), > then there''s little else you can do to restrict access. Watch your logs. > Watch your network traffic. Learn to identify what is normal and abnormal > behavior.And consider isolating it in a DMZ -- see http://shorewall.net/three-interface.htm As the OP correctly observed, once you have a firewall in place, you next greatest source of vulnerability is the servers that you open to the internet (right up there with your Windows-hosted email clients). Placing such servers in their own LAN segment contains the damage in the event that one of them is hacked. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
2005/5/17, Recoil <recoiluk@syl.eclipse.co.uk>:> Hello again > > >any clue or rationale about your setup and what are you trying to do > >would be appreciated > > >ps: enough for today..I go to sleep,annoyed by silly,clueless emails, > >without information, like this. :@ > > This response is typical of people in the Linux community being so totally > condescending its unbelievable. What is wrong with just answering the > question as you see it.Dont get me wrong please,the problem reporting guidelines are very clear,about this.> > I''m not saying all Linux users are like this, as I have many to thank for > helping me in the past. > > If I knew what I was trying to do, why would I ask the question?Im trying to help you but your first email says nothing about your setup.> I''m looking for advice in general, I''m not looking for answers, just > pointers in the right direction, so I can work it out for myself, how else > am I going to learn?. > > My question still stands "What options do I have in regards to protecting > open ports from attack?". A perfectly reasonable question, and if I knew a > possible answer I would be willing to help.Please read the following documents: http://www.hackinglinuxexposed.com/articles/20021015.html http://staff.washington.edu/dittrich/misc/ddos/ use secure and current daemons: if you run and ftp server: use vsftpd or pure-ftpd(my favorite one) Run a secure MTA like postfix or Qmail if you are running apache,then configure it to use only de needed modules. Control the outgoing traffic of your server. if you allow ping to server ,limit the amount of bandwith used by icmp 8 traffic. Read a lot,security is not just a thing about secure code,its a set of important things. take care>
I''d like to summarize everyone''s ideas: 1. Run the server in a DMZ 2. Make sure you only open what ports are necessary. 3. Consider running intrusion detection (I prefer snort) on another machine. You will need a managed switch capable of port mirroring, and another PC. If this is over your budget, run your IDS on the firewall. 4. Make use of shorewall''s blacklist feature to ban IP ranges flagged by your IDS. 5. Consider closing common trojan/virus/worm ports. and, an out-of-the-box-idea... 6. Run Deep Freeze on the game server. Get the server set up the way you want it. Everytime you reboot, it will be restored to its original state. While not ideal (if the server was infected, it can happen again when the machine comes back), you will have an opportunity to see what your attackers did and take measures to keep your server from getting infected again. Their pricing is very reasonable. http://www.faronics.com/html/deepfreeze.asp Recoil wrote:> Hello again > > >any clue or rationale about your setup and what are you trying to do > >would be appreciated > > >ps: enough for today..I go to sleep,annoyed by silly,clueless emails, > >without information, like this. :@ > > This response is typical of people in the Linux community being so > totally condescending its unbelievable. What is wrong with just > answering the question as you see it. > > I''m not saying all Linux users are like this, as I have many to thank > for helping me in the past. > > If I knew what I was trying to do, why would I ask the question? > > I''m looking for advice in general, I''m not looking for answers, just > pointers in the right direction, so I can work it out for myself, how > else am I going to learn?. > > My question still stands "What options do I have in regards to > protecting open ports from attack?". A perfectly reasonable question, > and if I knew a possible answer I would be willing to help. > > If you feel you need more information to answer the question, then > either don''t reply or ask for the information as you would do in a > one-to-one conversation otherwise your reply isn''t welcome. > > Thank you > > RecoilUK > > At 09:11 17/05/2005, you wrote: > >> 2005/5/17, Recoil <recoiluk@syl.eclipse.co.uk>: >> > Hi >> > >> > I''m currently setting up a game server and have opened all ports >> needed to >> > run it. >> >> That''s good. >> >> > What other options do I have regarding protecting the open ports? >> >> >> >> > I''m worried about people attacking the open ports to render the >> server useless. >> >> Me too. >> >> > Any help or advice would be . >> > >> >> any clue or rationale about your setup and what are you trying to do >> would be appreciated >> >> http://www.shorewall.net/support.htm (come on ¡¡¡) >> >> ps: enough for today..I go to sleep,annoyed by silly,clueless emails, >> without information, like this. :@ >> _______________________________________________ >> Shorewall-users mailing list >> Post: Shorewall-users@lists.shorewall.net >> Subscribe/Unsubscribe: >> https://lists.shorewall.net/mailman/listinfo/shorewall-users >> Support: http://www.shorewall.net/support.htm >> FAQ: http://www.shorewall.net/FAQ.htm > > > > _______________________________________________ > Shorewall-users mailing list > Post: Shorewall-users@lists.shorewall.net > Subscribe/Unsubscribe: > https://lists.shorewall.net/mailman/listinfo/shorewall-users > Support: http://www.shorewall.net/support.htm > FAQ: http://www.shorewall.net/FAQ.htm > >