P
postcd
It appears i cant connect linux VPS server via SSH or i cant SCP any file to it and i cant wget any file TO it (from inside it) while CSF (Config Server Firewall, LFD is running. Just after isntall in default configuration and after changing TESTING mode to LIVE mode.
Trying to wget & install comething => stuck
Code:
[root@pvbvfxby ~]# wget http://www.inetbase.com/scripts/ddos/install.sh;chmod 0700 install.sh;
--2014-04-07 08:25:26-- http://www.inetbase.com/scripts/ddos/install.sh
Resolving www.inetbase.com... 184.173.190.146
Connecting to www.inetbase.com|184.173.190.146|:80...
Trying to SCP something into VPS:
Code:
amnesia@amnesia:~$ scp install.sh root@vpsipthere:/root
ERROR: Got error response from SOCKS server: 6 (TTL expired).
FATAL: failed to begin relaying via SOCKS.
ssh_exchange_identification: Connection closed by remote host
lost connection
Nothing in deny file/s
Code:
[root@pvbvfxby log]# cat /etc/*deny*
My computer IP not in iptables:
Code:
[root@pvbvfxby log]# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- google-public-dns-b.google.com anywhere tcp dpt:domain
ACCEPT udp -- google-public-dns-b.google.com anywhere udp dpt:domain
ACCEPT tcp -- google-public-dns-b.google.com anywhere tcp spt:domain
ACCEPT udp -- google-public-dns-b.google.com anywhere udp spt:domain
ACCEPT tcp -- google-public-dns-a.google.com anywhere tcp dpt:domain
ACCEPT udp -- google-public-dns-a.google.com anywhere udp dpt:domain
ACCEPT tcp -- google-public-dns-a.google.com anywhere tcp spt:domain
ACCEPT udp -- google-public-dns-a.google.com anywhere udp spt:domain
LOCALINPUT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
INVALID tcp -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp-data
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:domain
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt
op3
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:imap
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smtps
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:submission
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:imaps
ACCEPT tcp -- anywhere anywhere state NEW tcp dptop3s
ACCEPT udp -- anywhere anywhere state NEW udp dpt:ftp-data
ACCEPT udp -- anywhere anywhere state NEW udp dpt:ftp
ACCEPT udp -- anywhere anywhere state NEW udp dpt:domain
ACCEPT icmp -- anywhere anywhere icmp echo-request limit: avg 1/sec burst 5
ACCEPT icmp -- anywhere anywhere icmp echo-reply limit: avg 1/sec burst 5
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
LOGDROPIN all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- anywhere google-public-dns-b.google.com tcp dpt:domain
ACCEPT udp -- anywhere google-public-dns-b.google.com udp dpt:domain
ACCEPT tcp -- anywhere google-public-dns-b.google.com tcp spt:domain
ACCEPT udp -- anywhere google-public-dns-b.google.com udp spt:domain
ACCEPT tcp -- anywhere google-public-dns-a.google.com tcp dpt:domain
ACCEPT udp -- anywhere google-public-dns-a.google.com udp dpt:domain
ACCEPT tcp -- anywhere google-public-dns-a.google.com tcp spt:domain
ACCEPT udp -- anywhere google-public-dns-a.google.com udp spt:domain
LOCALOUTPUT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp spt:domain
ACCEPT udp -- anywhere anywhere udp spt:domain
ACCEPT all -- anywhere anywhere
INVALID tcp -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp-data
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:domain
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp dptop3
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:auth
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
ACCEPT udp -- anywhere anywhere state NEW udp dpt:ftp-data
ACCEPT udp -- anywhere anywhere state NEW udp dpt:ftp
ACCEPT udp -- anywhere anywhere state NEW udp dpt:domain
ACCEPT udp -- anywhere anywhere state NEW udp dpt:auth
ACCEPT udp -- anywhere anywhere state NEW udp dpt:ntp
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
LOGDROPOUT all -- anywhere anywhere
Chain ALLOWIN (1 references)
target prot opt source destination
Chain ALLOWOUT (1 references)
target prot opt source destination
Chain DENYIN (1 references)
target prot opt source destination
Chain DENYOUT (1 references)
target prot opt source destination
Chain INVALID (2 references)
target prot opt source destination
INVDROP all -- anywhere anywhere state INVALID
INVDROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
INVDROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
INVDROP tcp -- anywhere anywhere tcp flags:FIN,SYN/FIN,SYN
INVDROP tcp -- anywhere anywhere tcp flags:SYN,RST/SYN,RST
INVDROP tcp -- anywhere anywhere tcp flags:FIN,RST/FIN,RST
INVDROP tcp -- anywhere anywhere tcp flags:FIN,ACK/FIN
INVDROP tcp -- anywhere anywhere tcp flagsSH,ACK/PSH
INVDROP tcp -- anywhere anywhere tcp flags:ACK,URG/URG
INVDROP tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN state NEW
Chain INVDROP (10 references)
target prot opt source destination
DROP all -- anywhere anywhere
Chain LOCALINPUT (1 references)
target prot opt source destination
ALLOWIN all -- anywhere anywhere
DENYIN all -- anywhere anywhere
Chain LOCALOUTPUT (1 references)
target prot opt source destination
ALLOWOUT all -- anywhere anywhere
DENYOUT all -- anywhere anywhere
Chain LOGDROPIN (1 references)
target prot opt source destination
DROP tcp -- anywhere anywhere tcp dpt:bootps
DROP udp -- anywhere anywhere udp dpt:bootps
DROP tcp -- anywhere anywhere tcp dpt:bootpc
DROP udp -- anywhere anywhere udp dpt:bootpc
DROP tcp -- anywhere anywhere tcp dpt:sunrpc
DROP udp -- anywhere anywhere udp dpt:sunrpc
DROP tcp -- anywhere anywhere tcp dpt:auth
DROP udp -- anywhere anywhere udp dpt:auth
DROP tcp -- anywhere anywhere tcp dpts:epmap:netbios-ssn
DROP udp -- anywhere anywhere udp dpts:epmap:netbios-ssn
DROP tcp -- anywhere anywhere tcp dpt:microsoft-ds
DROP udp -- anywhere anywhere udp dpt:microsoft-ds
DROP tcp -- anywhere anywhere tcp dpt:isakmp
DROP udp -- anywhere anywhere udp dpt:isakmp
DROP tcp -- anywhere anywhere tcp dpt:login
DROP udp -- anywhere anywhere udp dpt:who
DROP tcp -- anywhere anywhere tcp dpt:efs
DROP udp -- anywhere anywhere udp dpt:router
LOG tcp -- anywhere anywhere limit: avg 30/min burst 5 LOG level warning prefix `Firewall: *TCP_IN Blocked* '
LOG udp -- anywhere anywhere limit: avg 30/min burst 5 LOG level warning prefix `Firewall: *UDP_IN Blocked* '
LOG icmp -- anywhere anywhere limit: avg 30/min burst 5 LOG level warning prefix `Firewall: *ICMP_IN Blocked* '
DROP all -- anywhere anywhere
Chain LOGDROPOUT (1 references)
target prot opt source destination
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 30/min burst 5 LOG level warning uid prefix `Firewall: *TCP_OUT Blocked* '
LOG udp -- anywhere anywhere limit: avg 30/min burst 5 LOG level warning uid prefix `Firewall: *UDP_OUT Blocked* '
LOG icmp -- anywhere anywhere limit: avg 30/min burst 5 LOG level warning uid prefix `Firewall: *ICMP_OUT Blocked* '
DROP all -- anywhere anywhere
when i do: service csf stop
connections starts working, when i start, it fails to connect, wget..
Continue reading...
Trying to wget & install comething => stuck
Code:
[root@pvbvfxby ~]# wget http://www.inetbase.com/scripts/ddos/install.sh;chmod 0700 install.sh;
--2014-04-07 08:25:26-- http://www.inetbase.com/scripts/ddos/install.sh
Resolving www.inetbase.com... 184.173.190.146
Connecting to www.inetbase.com|184.173.190.146|:80...
Trying to SCP something into VPS:
Code:
amnesia@amnesia:~$ scp install.sh root@vpsipthere:/root
ERROR: Got error response from SOCKS server: 6 (TTL expired).
FATAL: failed to begin relaying via SOCKS.
ssh_exchange_identification: Connection closed by remote host
lost connection
Nothing in deny file/s
Code:
[root@pvbvfxby log]# cat /etc/*deny*
My computer IP not in iptables:
Code:
[root@pvbvfxby log]# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- google-public-dns-b.google.com anywhere tcp dpt:domain
ACCEPT udp -- google-public-dns-b.google.com anywhere udp dpt:domain
ACCEPT tcp -- google-public-dns-b.google.com anywhere tcp spt:domain
ACCEPT udp -- google-public-dns-b.google.com anywhere udp spt:domain
ACCEPT tcp -- google-public-dns-a.google.com anywhere tcp dpt:domain
ACCEPT udp -- google-public-dns-a.google.com anywhere udp dpt:domain
ACCEPT tcp -- google-public-dns-a.google.com anywhere tcp spt:domain
ACCEPT udp -- google-public-dns-a.google.com anywhere udp spt:domain
LOCALINPUT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
INVALID tcp -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp-data
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:domain
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt
op3 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:imap
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smtps
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:submission
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:imaps
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt
op3s ACCEPT udp -- anywhere anywhere state NEW udp dpt:ftp-data
ACCEPT udp -- anywhere anywhere state NEW udp dpt:ftp
ACCEPT udp -- anywhere anywhere state NEW udp dpt:domain
ACCEPT icmp -- anywhere anywhere icmp echo-request limit: avg 1/sec burst 5
ACCEPT icmp -- anywhere anywhere icmp echo-reply limit: avg 1/sec burst 5
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
LOGDROPIN all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- anywhere google-public-dns-b.google.com tcp dpt:domain
ACCEPT udp -- anywhere google-public-dns-b.google.com udp dpt:domain
ACCEPT tcp -- anywhere google-public-dns-b.google.com tcp spt:domain
ACCEPT udp -- anywhere google-public-dns-b.google.com udp spt:domain
ACCEPT tcp -- anywhere google-public-dns-a.google.com tcp dpt:domain
ACCEPT udp -- anywhere google-public-dns-a.google.com udp dpt:domain
ACCEPT tcp -- anywhere google-public-dns-a.google.com tcp spt:domain
ACCEPT udp -- anywhere google-public-dns-a.google.com udp spt:domain
LOCALOUTPUT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp spt:domain
ACCEPT udp -- anywhere anywhere udp spt:domain
ACCEPT all -- anywhere anywhere
INVALID tcp -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp-data
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:domain
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt
op3 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:auth
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
ACCEPT udp -- anywhere anywhere state NEW udp dpt:ftp-data
ACCEPT udp -- anywhere anywhere state NEW udp dpt:ftp
ACCEPT udp -- anywhere anywhere state NEW udp dpt:domain
ACCEPT udp -- anywhere anywhere state NEW udp dpt:auth
ACCEPT udp -- anywhere anywhere state NEW udp dpt:ntp
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
LOGDROPOUT all -- anywhere anywhere
Chain ALLOWIN (1 references)
target prot opt source destination
Chain ALLOWOUT (1 references)
target prot opt source destination
Chain DENYIN (1 references)
target prot opt source destination
Chain DENYOUT (1 references)
target prot opt source destination
Chain INVALID (2 references)
target prot opt source destination
INVDROP all -- anywhere anywhere state INVALID
INVDROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
INVDROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
INVDROP tcp -- anywhere anywhere tcp flags:FIN,SYN/FIN,SYN
INVDROP tcp -- anywhere anywhere tcp flags:SYN,RST/SYN,RST
INVDROP tcp -- anywhere anywhere tcp flags:FIN,RST/FIN,RST
INVDROP tcp -- anywhere anywhere tcp flags:FIN,ACK/FIN
INVDROP tcp -- anywhere anywhere tcp flags
SH,ACK/PSH INVDROP tcp -- anywhere anywhere tcp flags:ACK,URG/URG
INVDROP tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN state NEW
Chain INVDROP (10 references)
target prot opt source destination
DROP all -- anywhere anywhere
Chain LOCALINPUT (1 references)
target prot opt source destination
ALLOWIN all -- anywhere anywhere
DENYIN all -- anywhere anywhere
Chain LOCALOUTPUT (1 references)
target prot opt source destination
ALLOWOUT all -- anywhere anywhere
DENYOUT all -- anywhere anywhere
Chain LOGDROPIN (1 references)
target prot opt source destination
DROP tcp -- anywhere anywhere tcp dpt:bootps
DROP udp -- anywhere anywhere udp dpt:bootps
DROP tcp -- anywhere anywhere tcp dpt:bootpc
DROP udp -- anywhere anywhere udp dpt:bootpc
DROP tcp -- anywhere anywhere tcp dpt:sunrpc
DROP udp -- anywhere anywhere udp dpt:sunrpc
DROP tcp -- anywhere anywhere tcp dpt:auth
DROP udp -- anywhere anywhere udp dpt:auth
DROP tcp -- anywhere anywhere tcp dpts:epmap:netbios-ssn
DROP udp -- anywhere anywhere udp dpts:epmap:netbios-ssn
DROP tcp -- anywhere anywhere tcp dpt:microsoft-ds
DROP udp -- anywhere anywhere udp dpt:microsoft-ds
DROP tcp -- anywhere anywhere tcp dpt:isakmp
DROP udp -- anywhere anywhere udp dpt:isakmp
DROP tcp -- anywhere anywhere tcp dpt:login
DROP udp -- anywhere anywhere udp dpt:who
DROP tcp -- anywhere anywhere tcp dpt:efs
DROP udp -- anywhere anywhere udp dpt:router
LOG tcp -- anywhere anywhere limit: avg 30/min burst 5 LOG level warning prefix `Firewall: *TCP_IN Blocked* '
LOG udp -- anywhere anywhere limit: avg 30/min burst 5 LOG level warning prefix `Firewall: *UDP_IN Blocked* '
LOG icmp -- anywhere anywhere limit: avg 30/min burst 5 LOG level warning prefix `Firewall: *ICMP_IN Blocked* '
DROP all -- anywhere anywhere
Chain LOGDROPOUT (1 references)
target prot opt source destination
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 30/min burst 5 LOG level warning uid prefix `Firewall: *TCP_OUT Blocked* '
LOG udp -- anywhere anywhere limit: avg 30/min burst 5 LOG level warning uid prefix `Firewall: *UDP_OUT Blocked* '
LOG icmp -- anywhere anywhere limit: avg 30/min burst 5 LOG level warning uid prefix `Firewall: *ICMP_OUT Blocked* '
DROP all -- anywhere anywhere
when i do: service csf stop
connections starts working, when i start, it fails to connect, wget..
Continue reading...
