Recently i have trubles with the hub, and its not the first time i installed verli, now i know why..
Now i know shure theres another party when i reed a warning mail from vps to warn about attackers
specialy on ssh..
http://fortune.com/2015/05/13/venom-vulnerability/Security researchers have discovered a critical flaw that allows attackers to move freely across virtual machines.
Inside some data center miles away, a portion of your cloud-hosted network may be running on the same system as someone else’s.
Normally, this isn’t a problem. So-called virtual machines—basically, computers simulated within other computers—prevent networks on the same machine from impacting one another. They’re an efficient way to manage large amounts of computing resources while, presumably, keeping them isolated and secure.
That’s not the whole story though, say researchers at the Irvine, Calif.-based security firm CrowdStrike. It turns out that an attacker can burst out of certain virtual machines and manipulate whatever’s running adjacently, thus shattering the notion that these vessels have hard and fast, protective boundaries.
“This destroys the isolation myth that you can have something run a virtual machine and have it be isolated from everything else,” says Jason Geffner, the senior security researcher at CrowdStrike who uncovered the flaw. “This bug lets you escape a container and get into all other containers.”
So put on you firewall on the vps, there also evel people with big fake hubs and attackers everywere..
Iptables Firewall
export EDITOR=nano
In debian >> apt-get install iptables
# make executeble
chmod +x /etc/network/if-up.d/iptables
# Refuse forward accept output rules
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
# incoming traffic
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# localhost accept
iptables -A INPUT -i lo -j ACCEPT
For pc ...
iptables -A INPUT -p tcp --dport 22 -s pcip1xxxxxxxxxx -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s pcip2xxxxxxxxxx -j ACCEPT
# Port 80 For webserver
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
# Port 411 for the hub
iptables -A INPUT -p tcp --dport 411 -j ACCEPT
# Allow pingflood only for you own adress
iptables -A INPUT -p icmp -s xx.xxx.xxx.xxx -j ACCEPT (your own extern ipadres)
# Save rules for ip tables
mkdir /etc/iptables/ iptables-save > /etc/iptables/myrules
chmod 755 /etc/iptables/myrules
# The last step deny all other traffic Do This at the end!..
iptables -P INPUT DROP
For save iptables do apt-get install iptables-persistent
# check the tables..
iptables -L
Happy hubbing .. Ger
2 Replies
9319 Views