Run a script as root from the jenkins account (sudoers)

Create the script owned by root with group jenkins: /pathtoscript.sh

Edit sudoers with visudo rather than a plain editor (visudo locks the file and refuses to save one with a syntax error; a typo written with vim can lock everybody out of sudo):

visudo

Add the following line to the sudoers configuration:

jenkins    ALL=(ALL)  NOPASSWD: /pathtoscript.sh

With no argument list after the path, jenkins may pass any arguments to the script; if the script does something unsafe with them, append "" to the rule to forbid arguments, or spell out the exact ones allowed.

Be careful with the permissions: only root may read, write and execute the script; jenkins may read and execute but never write. Anyone who can modify the file (or replace it through a writable parent directory) gets a root shell through this rule.

chmod 750 /pathtoscript.sh
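The following checker is an added example, not part of the original notes. It verifies the two properties the procedure above depends on (owner root, mode 750 or tighter) for the script named in the NOPASSWD rule, and shows a root-only helper that installs the rule as a drop-in under /etc/sudoers.d only after a visudo -c syntax check. The function names, the drop-in file name jenkins-script and the use of GNU stat -c are my assumptions.

```shell
#!/bin/sh
# Checks for a script that a NOPASSWD sudoers rule lets the jenkins account
# run as root. Added example, not part of the original notes. Assumes GNU
# coreutils stat (-c); the drop-in name jenkins-script is an arbitrary choice.
#
# The rule "jenkins ALL=(ALL) NOPASSWD: /pathtoscript.sh" is only as safe as
# the file behind it: whoever can write the script runs anything as root.

# sudo_target_ok PATH [OWNER]
# 0 when PATH is a regular file owned by OWNER (default root) whose mode is
# 750 or tighter: no group write, nothing at all for "others".
sudo_target_ok() {
    path=$1
    owner=${2:-root}
    if [ ! -f "$path" ]; then
        echo "not a regular file: $path" >&2
        return 1
    fi
    actual=$(stat -c '%U' "$path")
    if [ "$actual" != "$owner" ]; then
        echo "owned by $actual, expected $owner: $path" >&2
        return 1
    fi
    perms=$(stat -c '%A' "$path")          # e.g. -rwxr-x---
    case $perms in
        ?????-?---) ;;                     # position 6 = group write, 8-10 = others
        *)  echo "mode too open ($perms), want 750 or tighter: $path" >&2
            return 1 ;;
    esac
    return 0
}

# install_sudo_rule SCRIPT   (root only; not exercised by the checks below)
# Sets root:jenkins 0750, then installs the rule as a drop-in under
# /etc/sudoers.d (needs #includedir /etc/sudoers.d in /etc/sudoers, the
# default on Debian/Ubuntu/RHEL) only after visudo confirms the syntax.
install_sudo_rule() {
    script=$1
    chown root:jenkins "$script" || return 1
    chmod 750 "$script" || return 1
    sudo_target_ok "$script" || return 1
    tmp=$(mktemp) || return 1
    printf 'jenkins    ALL=(ALL)  NOPASSWD: %s\n' "$script" > "$tmp"
    if ! visudo -cf "$tmp"; then           # a broken sudoers file breaks sudo for everyone
        rm -f "$tmp"
        return 1
    fi
    install -m 440 -o root -g root "$tmp" /etc/sudoers.d/jenkins-script
    rm -f "$tmp"
    # Verify what jenkins may now run: sudo -l -U jenkins
}

# Usage: sh sudo-check.sh /pathtoscript.sh   (any user; checks only)
if [ -n "${1:-}" ]; then
    sudo_target_ok "$1" && echo "ok: $1"
fi
```

Run the check from cron or your configuration management after every deploy; the most common way this setup goes wrong is a later chmod g+w or a redeploy that leaves the file owned by the jenkins user.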

 

IP Address Classes

  • Class A: leading bit 0, first octet 0 to 127, default mask /8. 0.x.y.z ("this network") and 127.x.y.z (loopback) are reserved, so the usable class A networks are 1 to 126. Example: 27.x.y.z, 102.x.y.z
  • Class B: leading bits 10, first octet 128 to 191, default mask /16. Example: 128.x.y.z, 151.x.y.z
  • Class C: leading bits 110, first octet 192 to 223, default mask /24. Example: 192.x.y.z, 223.x.y.z
  • Class D: leading bits 1110, first octet 224 to 239; multicast, no host addressing. Example: 224.x.y.z, 239.x.y.z
  • Class E: leading bits 1111, first octet 240 to 255; reserved (255.255.255.255 is the limited broadcast address). Example: 240.x.y.z, 255.x.y.z

Classful addressing was replaced by CIDR (RFC 4632) long ago; the classes survive mainly in firewall bogon lists (the multicast and class E drops in the iptables example below) and in the default mask a tool assumes when none is given.


Difference between Hub, Switch and Router

1. OSI layer
   Hub: physical layer device (layer 1).
   Switch: data link layer device (layer 2).
   Router: network layer device (layer 3).

2. Forwarding basis
   Hub: repeats every signal to every port (broadcasting).
   Switch: forwards by destination MAC address.
   Router: forwards by destination IP address.

3. How it forwards
   Hub: a multiport repeater; a signal entering any port appears at the output of all other ports.
   Switch: receives a frame from any connected device and transmits it only out of the port where the intended recipient is attached.
   Router: reads the header of the incoming packet and forwards it to the interface that leads toward the destination, thereby determining the route. It can also perform filtering and encapsulation.

4. Intelligence
   Hub: not an intelligent device; it may include an amplifier or repeater but inspects nothing.
   Switch: intelligent in that it inspects the destination address and delivers the frame selectively.
   Router: more sophisticated still; it reads IP addresses, directs packets to other networks and builds routing tables that drive its forwarding decisions.

5. Networks required
   Hub: operates within a single network.
   Switch: operates within a single network.
   Router: needs at least two networks to connect.

6. Cost
   Hub: cheapest of the three.
   Switch: more expensive than a hub.
   Router: considerably more expensive than either.

An Ethernet hub acts as a multiport repeater: it receives an incoming electrical signal (data) on a port and immediately forwards a regenerated copy out all other ports. Hubs work purely at the physical layer; they do not look at the source or destination MAC address of the Ethernet frame. Hubs connect the network in a star topology with the hub as the central connection point. When two or more end devices connected to a hub send at the same time, an electrical collision corrupts both signals. All devices connected to a hub belong to the same collision domain, in which only one device can transmit at any given time. Stations follow CSMA/CD: they listen before sending, and when a collision is detected they stop, wait a random back-off interval and retry. Because every port sees every frame, any host on a hub can passively capture all traffic on the segment, which is why a hub is the classic way to sniff a LAN. Due to the low cost and superiority of Ethernet switching, hubs are seldom used today.

Bridges have two interfaces and are connected between hubs to divide the network into multiple collision domains. Each collision domain can have only one sender at a time. Collisions are isolated by the bridge to a single segment and do not impact devices on other segments. Just like a switch, a bridge makes forwarding decisions based on Ethernet MAC addresses. Bridges are seldom used in modern networks.

LAN switches are essentially multiport bridges that connect devices in a star topology. Like bridges, switches segment a LAN into separate collision domains, one per switch port, and forward based on Ethernet MAC addresses learned from the source field of incoming frames: a unicast frame goes only to the port where its destination was learned, so a station normally sees just its own traffic plus broadcasts. That isolation is a side effect of forwarding, not a security control; MAC-table flooding and ARP spoofing are the standard ways to defeat it. The figure shows the Cisco 2960-X series switches that are commonly used to connect end devices on a LAN.

 

IPTables Example Configuration


IPTables is a very powerful firewall that allows you to protect your Linux servers. I have been looking for some best practices to protect a server from the Internet and after collecting some examples here and there I came up with the following rules. They block the usual junk, allow inbound SSH and allow outgoing traffic from the server itself.

Don't just copy and paste this script, as there is always a chance of blocking legitimate traffic: read the example and then decide for yourself what you want to use. The file is in iptables-save format, so it is loaded with iptables-restore < /path/to/rules; test it from a console or with a session that will survive losing SSH. It only covers IPv4: ip6tables keeps its own, separate tables, so a host with an IPv6 address needs an equivalent policy there or it stays wide open on v6. Having said that, let's take a look:

*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]

# ACCEPT LOOPBACK
-A INPUT -i lo -j ACCEPT
# FIRST PACKET HAS TO BE TCP SYN
-A INPUT -p tcp ! --syn -m state --state NEW -j DROP

# DROP FRAGMENTS
-A INPUT -f -j DROP

# DROP XMAS PACKETS
-A INPUT -p tcp --tcp-flags ALL ALL -j DROP

# DROP NULL PACKETS
-A INPUT -p tcp --tcp-flags ALL NONE -j DROP

# DROP EXCESSIVE TCP RST PACKETS
-A INPUT -p tcp -m tcp --tcp-flags RST RST -m limit --limit 2/second --limit-burst 2 -j ACCEPT

# DROP ALL INVALID PACKETS
-A INPUT -m state --state INVALID -j DROP
-A FORWARD -m state --state INVALID -j DROP
-A OUTPUT -m state --state INVALID -j DROP

# DROP RFC1918 PACKETS
-A INPUT -s 10.0.0.0/8 -j DROP
-A INPUT -s 172.16.0.0/12 -j DROP
-A INPUT -s 192.168.0.0/16 -j DROP

# DROP SPOOFED PACKETS
-A INPUT -s 169.254.0.0/16 -j DROP
-A INPUT -s 127.0.0.0/8 -j DROP
-A INPUT -s 224.0.0.0/4 -j DROP
-A INPUT -d 224.0.0.0/4 -j DROP
-A INPUT -s 240.0.0.0/4 -j DROP
-A INPUT -d 240.0.0.0/4 -j DROP
-A INPUT -s 0.0.0.0/8 -j DROP
-A INPUT -d 0.0.0.0/8 -j DROP
-A INPUT -d 239.255.255.0/24 -j DROP
-A INPUT -d 255.255.255.255 -j DROP

# ICMP: DROP RECON TYPES + RATE LIMIT THE REST
-A INPUT -p icmp --icmp-type address-mask-request -j DROP
-A INPUT -p icmp --icmp-type timestamp-request -j DROP
-A INPUT -p icmp --icmp-type router-solicitation -j DROP
-A INPUT -p icmp -m limit --limit 2/second -j ACCEPT

# SYN-FLOOD PROTECTION: DROP NEW TCP CONNECTIONS ARRIVING FASTER THAN 50/SECOND (GLOBAL LIMIT)
-A INPUT -p tcp --syn -m state --state NEW -m hashlimit --hashlimit-above 50/second --hashlimit-burst 50 --hashlimit-name synflood -j DROP

# ACCEPT SSH (THE ONLY SERVICE OPEN TO THE INTERNET; OTHER NEW TCP FALLS THROUGH TO THE INPUT POLICY DROP)
-A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT

# ALLOW ESTABLISHED CONNECTIONS
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

COMMIT

Explanation of Rules

Accept Loopback Traffic

-A INPUT -i lo -j ACCEPT

We should permit local traffic on the server.

First TCP segment requires SYN bit

-A INPUT -p tcp ! --syn -m state --state NEW -j DROP

When TCP establishes a connection it will perform a 3 way handshake. The first TCP packet always has the SYN bit set. If it doesn’t have this, we will drop the traffic.

No Fragments allowed

-A INPUT -f -j DROP

We don't allow fragmented IP packets (historically used to slip past filters that only inspected the first fragment). On a kernel with connection tracking loaded the defragmenter reassembles packets before the filter table sees them, so this rule seldom matches anything; it is a belt-and-braces rule rather than the main defence.

XMAS Packets

-A INPUT -p tcp --tcp-flags ALL ALL -j DROP

A TCP packet that has all the flags set is called a XMAS packet and should never be accepted.

Null Packets

-A INPUT -p tcp --tcp-flags ALL NONE -j DROP

A Null packet is a TCP packet without any flags. This is never used in legitimate traffic so it should be dropped.

Excessive TCP RST Packets

-A INPUT -p tcp -m tcp --tcp-flags RST RST -m limit --limit 2/second --limit-burst 2 -j ACCEPT

TCP RST (reset) aborts a connection, so we shouldn't see many of them at the same time. Up to 2 per second (burst 2) are accepted here. Note that this rule does not itself drop the excess: packets above the limit simply continue down the chain, where a reset belonging to a tracked connection is accepted by the final RELATED,ESTABLISHED rule and one belonging to nothing is dropped as INVALID. It is a fast path more than a hard cap.

Invalid Packets

-A INPUT -m state --state INVALID -j DROP
-A FORWARD -m state --state INVALID -j DROP
-A OUTPUT -m state --state INVALID -j DROP

With connection tracking, a packet is NEW, ESTABLISHED or RELATED. Anything conntrack cannot classify (malformed headers, segments outside the TCP window, a reply to a connection it never saw) is INVALID and is dropped in all three chains.

RFC 1918 Packets

-A INPUT -s 10.0.0.0/8 -j DROP
-A INPUT -s 172.16.0.0/12 -j DROP
-A INPUT -s 192.168.0.0/16 -j DROP

On the public Internet we should never see packets from private source addresses, so we drop them. Caveat: if the server sits behind NAT or on a private subnet (typical in cloud VPCs and home labs), your own clients arrive from RFC 1918 addresses and these three rules will also lock you out of SSH; in that case bind them to the Internet-facing interface with -i, or leave them out.

Spoofed Packets

-A INPUT -s 169.254.0.0/16 -j DROP
-A INPUT -s 127.0.0.0/8 -j DROP
-A INPUT -s 224.0.0.0/4 -j DROP
-A INPUT -d 224.0.0.0/4 -j DROP
-A INPUT -s 240.0.0.0/4 -j DROP
-A INPUT -d 240.0.0.0/4 -j DROP
-A INPUT -s 0.0.0.0/8 -j DROP
-A INPUT -d 0.0.0.0/8 -j DROP
-A INPUT -d 239.255.255.0/24 -j DROP
-A INPUT -d 255.255.255.255 -j DROP

None of these ranges should arrive on an Internet-facing interface, so a packet carrying one of them is treated as spoofed and dropped: 169.254.0.0/16 is link-local, 127.0.0.0/8 is loopback (genuine loopback traffic never leaves lo and was already accepted by the first rule), 224.0.0.0/4 is multicast (239.255.255.0/24 is the administratively scoped part of it, so that rule is redundant), 240.0.0.0/4 is the whole reserved class E block, 240 through 255 (a /5 would only cover 240 through 247), 0.0.0.0/8 means "this network", and 255.255.255.255 is the limited broadcast address. Note that the multicast destination drops also stop mDNS, OSPF, VRRP and similar protocols; remove them if the host takes part in any of those.
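As an added example (not from the original article), the following POSIX sh script reproduces the prefix test behind the RFC 1918 and spoofed-address rules above, so you can ask offline which DROP a given source address would hit before loading the ruleset. It generalises the per-range rules into a CIDR membership check (in_cidr) and a first-match walk over the list (bogon_rule). The range list mirrors the rules on this page with class E as the full 240.0.0.0/4; the function names and the sample addresses are mine.

```shell
#!/bin/sh
# Which of the anti-spoofing DROP rules above would a given source address
# hit? Pure POSIX sh arithmetic, no iptables needed, so the ranges can be
# checked offline before loading the ruleset. Added example, not from the
# original page; the range list mirrors the DROP rules of the INPUT chain.

# ip2int A.B.C.D -> unsigned 32-bit integer on stdout; returns 1 on malformed
# input (wrong field count, non-digits, octet > 255, or a leading zero, which
# the shell would otherwise read as octal).
ip2int() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in
            ''|*[!0-9]*|0[0-9]*) return 1 ;;
        esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr ADDR NET/BITS -> 0 if ADDR is inside the prefix (a bare address is
# treated as /32, matching how "-d 255.255.255.255" is written above).
in_cidr() {
    addr=$(ip2int "$1") || return 2
    case $2 in
        */*) net=${2%/*}; bits=${2#*/} ;;
        *)   net=$2;      bits=32 ;;
    esac
    case $bits in ''|*[!0-9]*|0[0-9]*) return 2 ;; esac
    [ "$bits" -le 32 ] || return 2
    netint=$(ip2int "$net") || return 2
    # 64-bit shell arithmetic: a shift by 32 leaves zero after masking (/0).
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( addr & mask )) -eq $(( netint & mask )) ]
}

# bogon_rule ADDR -> prints the label of the first DROP rule the source
# address matches, in the order the rules appear above, or "none".
bogon_rule() {
    for entry in \
        "10.0.0.0/8 rfc1918" "172.16.0.0/12 rfc1918" "192.168.0.0/16 rfc1918" \
        "169.254.0.0/16 link-local" "127.0.0.0/8 loopback" \
        "224.0.0.0/4 multicast" "240.0.0.0/4 reserved" "0.0.0.0/8 this-network"
    do
        cidr=${entry%% *}
        label=${entry#* }
        if in_cidr "$1" "$cidr"; then
            echo "$label"
            return 0
        fi
    done
    echo none
}

# Usage: sh bogon.sh 10.1.2.3 8.8.8.8
for a in "$@"; do
    printf '%-16s %s\n' "$a" "$(bogon_rule "$a")"
done
```

The same in_cidr helper is handy for checking that a management address you intend to whitelist with -s does not fall inside a range dropped earlier in the chain, since iptables evaluates rules top to bottom and the first match wins.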

ICMP: Recon Types and Rate Limit

-A INPUT -p icmp --icmp-type address-mask-request -j DROP
-A INPUT -p icmp --icmp-type timestamp-request -j DROP
-A INPUT -p icmp --icmp-type router-solicitation -j DROP
-A INPUT -p icmp -m limit --limit 2/second -j ACCEPT

The first three rules drop ICMP types that serve only reconnaissance or leak host information (address mask, timestamp, router solicitation); they have nothing to do with smurf attacks, which are echo requests sent to a broadcast address with the victim's address forged as the source. The rest of ICMP, including echo-request and the error messages path MTU discovery depends on, is accepted at up to 2 per second. Anything above that falls through: unsolicited ICMP then ends in the INPUT policy DROP, while errors related to a tracked connection are still accepted by the final RELATED,ESTABLISHED rule. Don't tighten this to "drop all ICMP": losing "fragmentation needed" messages silently breaks connections to hosts behind a smaller MTU.

SYN Flood Protection

-A INPUT -p tcp --syn -m state --state NEW -m hashlimit --hashlimit-above 50/second --hashlimit-burst 50 --hashlimit-name synflood -j DROP

A SYN flood is a DoS attack where the attacker sends many SYN packets but never completes the 3-way handshake, so the server fills up with "half-open" connections and may no longer be able to serve new ones. This rule drops new TCP connections once they arrive faster than 50 per second: the hashlimit match with --hashlimit-above only matches traffic over the rate, and without --hashlimit-mode it keeps a single global counter. It sits in front of the service rules so that the cap applies to every port. Don't write this the other way round as an ACCEPT of new TCP below the limit: that accepts connections to every port, not just SSH, at up to 50 per second. Be careful with this setting as it is a global limit: one noisy client can starve everyone else. Linux also has SYN cookies (net.ipv4.tcp_syncookies), which deal with half-open exhaustion without dropping anything.

SSH Connections

-A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT

SSH is allowed for remote access. Any other new TCP connection reaches the end of the chain and is dropped by the INPUT policy. Restrict the rule with -s to your management addresses if you can.

Established Connections

-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

Packets in the "new" state have been handled by the rules above and "invalid" packets have already been dropped, so at the end we can accept everything "related" and "established": replies belonging to connections this host opened itself or that an earlier rule let in.

Hopefully this iptables example gives you a template to work on. If you want to protect your device even more, look at the hashlimit module with --hashlimit-mode srcip (optionally combined with dstport): it rate-limits per source address and port rather than globally, so one abusive client cannot exhaust the budget of everyone else, which helps against some DoS attacks. Also note that -m state is the legacy spelling of -m conntrack --ctstate; both work, but new rules are usually written with conntrack.

How to check current Linux connections

These one-liners use netstat from net-tools, which most current distributions mark as deprecated; ss -tan (iproute2) prints the same information with a different column order (state first, peer address in $5), so adjust the awk field numbers if you switch. 146.0.191.49 is just an example address. Note that cut -d: -f1 only works for IPv4: an IPv6 address contains colons itself and gets truncated to its first group.

Connections from a given IP, counted by TCP state:
netstat -nat | grep -F 146.0.191.49 | awk '{print $6}' | sort | uniq -c | sort -n

Local address:port pairs in use by connections from a given IP:
netstat -nat | grep -F 146.0.191.49 | awk '{print $4}' | sort | uniq -c | sort -n

Number of connections per remote IP address (TCP and UDP; the awk pattern skips netstat's two header lines):
netstat -atun | awk '/^(tcp|udp)/ {print $5}' | cut -d: -f1 | sed -e '/^$/d' | sort | uniq -c | sort -n

Number of distinct remote IP addresses (uniq only collapses adjacent duplicates, so the sort in front of it is required):
netstat -nat | awk '/^tcp/ {print $5}' | cut -d: -f1 | sed -e '/^$/d' | sort | uniq | wc -l

Connections per local port:
netstat -nat | awk '/^tcp/ {print $4}' | cut -d: -f2 | sort | uniq -c | sort -n

Open sockets whose local or remote address falls in 10.0.8.x or 193.170.x.x:
lsof -ni | grep -E '10\.0\.8|193\.170'
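A more robust version of the per-remote-address count, as an added example that is not from the original notes: it skips the netstat header lines, strips the port correctly for IPv6 and for the bracketed form ss prints, filters on TCP state, and flags any peer holding at least N connections, which is the usual first question when a box is slow or the SYN-flood rule above starts firing. The netstat output embedded below is constructed, reusing the addresses from the one-liners; the function names are mine.

```shell
#!/bin/sh
# Connections per remote address from netstat -tan / ss -tan style output,
# handling header lines, IPv6 literals and bracketed ss addresses. Reads
# stdin so it works on a live box or on a saved capture from an incident.
# Added example, not part of the original notes.

# strip_port ADDR:PORT -> ADDR. Handles "146.0.191.49:443", netstat's
# "2001:db8::5:443" and ss's "[2001:db8::5]:443".
strip_port() {
    case $1 in
        \[*\]:*) a=${1#\[}; echo "${a%%\]:*}" ;;
        *)       echo "${1%:*}" ;;
    esac
}

# conns_by_remote [STATE] < netstat-output
# One "COUNT ADDRESS" line per peer, highest count first, ties by address.
# Only tcp/udp rows are counted (netstat's two header lines are skipped)
# and, when STATE is given, only rows in that state (e.g. ESTABLISHED).
# LC_ALL=C keeps the ordering byte-wise and therefore reproducible.
conns_by_remote() {
    want=${1:-}
    while read -r proto recvq sendq laddr raddr state rest; do
        case $proto in tcp|tcp6|udp|udp6) ;; *) continue ;; esac
        if [ -n "$want" ] && [ "$state" != "$want" ]; then continue; fi
        strip_port "$raddr"
    done | LC_ALL=C sort | uniq -c | awk '{print $1, $2}' | LC_ALL=C sort -k1,1nr -k2,2
}

# remotes_above N [STATE] < netstat-output
# Addresses holding at least N connections (optionally only in STATE).
remotes_above() {
    conns_by_remote "${2:-}" | while read -r n addr; do
        if [ "$n" -ge "$1" ]; then echo "$addr"; fi
    done
}

# Constructed netstat -tan style sample (addresses as in the one-liners above).
SAMPLE='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 10.0.8.5:22             146.0.191.49:51002      ESTABLISHED
tcp        0      0 10.0.8.5:22             146.0.191.49:51003      ESTABLISHED
tcp        0      0 10.0.8.5:22             146.0.191.49:51004      SYN_RECV
tcp        0      0 10.0.8.5:443            193.170.1.7:40001       ESTABLISHED
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 2001:db8::5:443         2001:db8:1::9:55000     ESTABLISHED
tcp6       0      0 2001:db8::5:443         2001:db8:1::9:55001     TIME_WAIT
udp        0      0 0.0.0.0:68              0.0.0.0:*'

# Usage on a live system:  netstat -tan | conns_by_remote ESTABLISHED
#                          netstat -tan | remotes_above 100 SYN_RECV
# Demo on the constructed sample:
printf '%s\n' "$SAMPLE" | conns_by_remote
```

Counting SYN_RECV per peer is the quickest way to tell a SYN flood from a busy but legitimate client: the flood source shows many half-open entries and few or no ESTABLISHED ones.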