In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-09-23 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >
Share
Shulou(Shulou.com)06/01 Report--
Method 1:
Add an ip or network segment that allows ssh to log in to / etc/hosts.allow
Sshd:192.168.1.2:allow or
Sshd:192.168.1.0/24:allow
Add IP that does not allow ssh to log in to / etc/hosts.deny
Sshd:ALL # ALL indicates that except for those allowed above, all other ip refused to log in to ssh
Method 2:
Use iptables.
Iptables-An INPUT-p tcp-s 192.168.1.2-- destination-port 22-j ACCEPT
Iptables-An INPUT-p tcp-- destination-port 22-j DROP
Method 3:
Modify ssh configuration file
Vi / etc/ssh/sshd_config
Add a line:
Allowusers xxx@192.168.1.2
Note: xxx is the user name you use to log in to the server.
* * *
Hide and camouflage port banner http://kangyang.blog.51cto.com/471772/580853
* * *
Net session / delete / y
* * *
There are several representations of the Linux server:
1. High latency from external ping
two。 High latency from internal ping gateways
3. High memory and CPU footprint
4. Many requests with status of SYN_RECV are found through netstat, and the refresh is slow.
Ways to resist *:
1. Set firewall rules
1.iptables-A FORWARD-p tcp-- syn-m limit-- limit 1max s-j ACCEPT
2.iptables-A FORWARD-p tcp--tcp-flags SYN,ACK,FIN,RST RST-m limit-- limit 1max s-j ACCEPT
3.iptables-A FORWARD-p icmp--icmp-type echo-request-m limit-- limit 1max s-j ACCEPT
two。 Seal ip and ip segments
1.iptables-I INPUT-s 49.116.15.23-j DROP # seal a single ip
2.iptables-I INPUT-s 49.116.15.23 2.iptables 32-j DROP # has the same effect as the previous one, sealing a single IP
3.iptables-I INPUT-s 49.116.15.0 DROP 24-j DROP # Seal ip, specify the first three paragraphs
4.iptables-I INPUT-s 49.116.0.0According to 16-j DROP # seal ip paragraph, specify only the first two paragraphs
5.iptables-I INPUT-s 49.0.0.0According to 8-j DROP # ip paragraph, only the first paragraph is specified
Here is a question: how to know which ip to seal?
The answer is the netstat command.
When you view the current request through netstat, most of the frequent ip with a status of SYN_RECV is malicious.
The two methods should be combined to achieve significant results. This is my experience in maintaining high-concurrency and high-traffic voting websites.
* *
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 0
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
The market share of Chrome browser on the desktop has exceeded 70%, and users are complaining about
The world's first 2nm mobile chip: Samsung Exynos 2600 is ready for mass production.According to a r
A US federal judge has ruled that Google can keep its Chrome browser, but it will be prohibited from
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
About us Contact us Product review car news thenatureplanet
More Form oMedia: AutoTimes. Bestcoffee. SL News. Jarebook. Coffee Hunters. Sundaily. Modezone. NNB. Coffee. Game News. FrontStreet. GGAMEN
© 2024 shulou.com SLNews company. All rights reserved.
12
Report
