public inbox for gentoo-user@lists.gentoo.org
* [gentoo-user] Iptables Tarpit
From: Erik Westenbroek @ 2006-03-07  3:18 UTC
  To: gentoo-user

Hello,
I am attempting to create a tarpit to protect against SSH Brute force
attempts.  I tried this:

iptables -N SSH_Brute_Force
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_Brute_Force
iptables -A SSH_Brute_Force -s 192.168.1.254 -j RETURN
iptables -A SSH_Brute_Force -m recent --name SSH --set --rsource
iptables -A SSH_Brute_Force -m recent ! --rcheck --seconds 60 --hitcount 3 --name SSH --rsource -j RETURN
iptables -A SSH_Brute_Force -j LOG --log-prefix "SSH Brute Force Attempt:  "
iptables -A SSH_Brute_Force -p tcp -j TARPIT

After I typed the last command I got this error message:

iptables: No chain/target/match by that name

What am I doing wrong?
Here is the website I used as a reference for the tarpit:
http://lists.netfilter.org/pipermail/netfilter/2005-June/060914.html

-- 
gentoo-user@gentoo.org mailing list




* Re: [gentoo-user] Iptables Tarpit
From: Ryan Tandy @ 2006-03-07  3:50 UTC
  To: gentoo-user

Erik Westenbroek wrote:
> iptables: No chain/target/match by that name
I don't see a chain or other target named TARPIT - it's not defined 
anywhere on the page you referenced as far as I see, so you may have to 
dig it up elsewhere.




* Re: [gentoo-user] Iptables Tarpit
From: Erik Westenbroek @ 2006-03-07 12:16 UTC
  To: gentoo-user

I guess TARPIT is not in the default installation of iptables, I'll
just use labrea.



--
Erik
http://erikstotle.homelinux.org/





* Re: [gentoo-user] Iptables Tarpit
From: Dave Jones @ 2006-03-07 18:53 UTC
  To: gentoo-user

Erik Westenbroek wrote on 03/07/06 04:18:
> I am attempting to create a tarpit to protect against SSH Brute force
> attempts.  I tried this:
 --snip--
> iptables -A SSH_Brute_Force -p tcp -j TARPIT
> After I typed the last command I got this error message:
> iptables: No chain/target/match by that name

> What am I doing wrong?

Hi Erik

The standard Gentoo-sources kernel does not include the TARPIT target.
You need to pick up an updated kernel iptables source from
netfilter.org, and install it as follows:

I assume you have a subversion client already installed on your machine.

  cd /usr/src

Pick up patch-o-matic-ng:

  svn co https://svn.netfilter.org/netfilter/trunk/patch-o-matic-ng

Pick up iptables source code:

  svn co https://svn.netfilter.org/netfilter/trunk/iptables

Install kernel patches to iptables extra code:

  cd patch-o-matic-ng
  ./runme extra

Here you can select the targets/filters (e.g. TARPIT) you want patching
into the kernel iptables modules.

After installing patches you must regenerate your kernel and modules to
activate the patches, and then re-emerge iptables to pick up the kernel
patches.

  make menuconfig
  make && make modules_install && make install

Make sure that you have USE="extensions" in your /etc/make.conf before
you emerge iptables, or it will ignore the new non-standard extensions.

  emerge iptables

This worked for me.

Cheers, Dave




* Re: [gentoo-user] Iptables Tarpit
From: Andrew Frink @ 2006-03-08 13:57 UTC
  To: gentoo-user


You could also just add the "extensions" USE flag to iptables and that
should give you tarpit support



* [gentoo-user] Re: Iptables Tarpit
From: Erik Westenbroek @ 2006-03-08 18:34 UTC
  To: gentoo-user

Thank you to all.  I now have tarpits up and running smoothly.




--
Erik
http://erikstotle.homelinux.org/





* Re: [gentoo-user] Iptables Tarpit
From: Dave Jones @ 2006-03-08 18:54 UTC
  To: gentoo-user

Hi Andrew,

Andrew Frink wrote on 03/08/06 14:57:
> You could also just add the "extensions" USE flag to iptables and that
> should give you tarpit support

> On 3/7/06, Dave Jones <Dave.Jones@xs4all.nl> wrote:

>     Erik Westenbroek wrote on 03/07/06 04:18:
>     > I am attempting to create a tarpit to protect against SSH Brute force
>     > attempts.  I tried this:
>     --snip--
>     > iptables -A SSH_Brute_Force -p tcp -j TARPIT
>     > After I typed the last command I got this error message:
>     > iptables: No chain/target/match by that name

>     The standard Gentoo-sources kernel does not include the TARPIT target.
>     You need to pick up an updated kernel iptables source from
>     netfilter.org

   --- snip---

Simply adding "extensions" to your /etc/make.conf USE is not enough.

Without the iptables kernel source updates you still won't have the
TARPIT target, even though the iptables package will have support for
it in its library routines.

Cheers, Dave




* Re: [gentoo-user] Iptables Tarpit
From: Andrew Frink @ 2006-03-09  7:07 UTC
  To: gentoo-user


ahh haven't really played that much with tarpit, thanks for clearing that up
:-)

