Need some help on security

Laust S. Jespersen freebsd-security at ust.dk
Sat Jan 10 16:01:52 PST 2004


Hi David,
> How about to use ipfw.ko?
What Taras is suggesting here is for you to use the loadable kernel 
module version of ipfw.

For more information on loadable kernel modules, see "man kldload".
Something along the lines of:
"kldload ipfw && ipfw add 65334 allow ip from any to any"
The last part (ipfw and so on) should let you keep your
connection to the server if you're not on via a local console.
Also, "man ipfw" is a fantastic manpage.

With regard to the attacks on your webserver, there is the option of 
firewalling it out (i.e. ipfw add 10000 deny ip from x.x.x.x to me)
or using Apache's built-in access.conf mechanism.

You could do something in your access.conf along the lines of:
<Location />
    Order Allow,Deny
    Allow from all
    Deny from 211.233.89.189
</Location>

Personally I'd go with the firewalling, although sometimes it is 
not practical if the websites in question are not your own.

Lastly, just to ease your mind, all the attacks in your original mail
are IIS attacks and as such should not work on your webserver :)
To illustrate from my own logfiles :)
me@my:/var/log>grep '[root|cmd].exe' httpd-error.log|wc -l 
   27938
Hope this helps.

Med venlig hilsen / Best Regards 
Laust Jespersen 


http://www.ust.dk 
======================================================================
Viking Rule of Acquisition 1: Remember where you beached the long ship 
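
Added example (not part of the original message): a per-client version of the log count above, using the alternation (root|cmd)\.exe with grep -E so that only those two file names match, and printing a deny rule in the form the message gives for each noisy source. The log lines and addresses are constructed samples, the threshold is an assumption, and the rule number 10000 is the one used in the message.

```sh
#!/bin/sh
# Constructed sample lines in Apache error-log format (documentation addresses).
sample_log() {
cat <<'EOF'
[Sat Jan 10 15:58:01 2004] [error] [client 192.0.2.10] File does not exist: /usr/local/www/data/scripts/root.exe
[Sat Jan 10 15:58:02 2004] [error] [client 192.0.2.10] File does not exist: /usr/local/www/data/MSADC/root.exe
[Sat Jan 10 15:58:03 2004] [error] [client 192.0.2.10] File does not exist: /usr/local/www/data/scripts/cmd.exe
[Sat Jan 10 16:00:11 2004] [error] [client 198.51.100.7] File does not exist: /usr/local/www/data/scripts/cmd.exe
[Sat Jan 10 16:00:40 2004] [error] [client 203.0.113.5] File does not exist: /usr/local/www/data/favicon.ico
[Sat Jan 10 16:01:02 2004] [error] [client 203.0.113.5] File does not exist: /usr/local/www/data/download/notepad.exe
EOF
}

# Read log lines on stdin; keep only requests for root.exe or cmd.exe.
# The leading "/" and the escaped dot stop other *.exe names from matching.
iis_probes() {
    grep -E '/(root|cmd)\.exe'
}

# Read log lines on stdin; print "<count> <client address>", busiest first.
probes_per_client() {
    iis_probes |
        sed -n 's/.*\[client \([0-9.]*\)\].*/\1/p' |
        sort | uniq -c | sort -rn |
        awk '{ print $1, $2 }'
}

# Read log lines on stdin; print (do not run) an ipfw deny rule for every
# client with at least $1 probes. Review the output before applying it.
deny_candidates() {
    probes_per_client |
        awk -v min="$1" '$1 >= min { print "ipfw add 10000 deny ip from " $2 " to me" }'
}

# Demonstration on the constructed sample; for a real log use e.g.
#   deny_candidates 100 < /var/log/httpd-error.log
sample_log | probes_per_client
sample_log | deny_candidates 2
```

The functions only print candidate rules; nothing is added to the firewall until the printed lines are run by hand.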

