[TriLUG] IPTables: Automated firewall hardening

Thunder Bear thunderbear at yonderway.com
Mon Sep 2 21:29:11 EDT 2002


Keep in mind, dynamic filter rules are frowned upon by many security
specialists because they could theoretically be used against you to
initiate a denial of service attack, hitting your firewall from spoofed
IP addresses and gradually closing you off from the Internet using your
own systems against you.

On Mon, 2002-09-02 at 20:56, Jon Carnes wrote:
> Automatic firewall hardening is a technique used by many commercial
> firewalls to prevent invalid packets from reaching protected networks.
> The objective of this document is to demonstrate how to harden iptables
> in real-time.
> 
> http://www.linuxgazette.com/issue82/veerapen.html
> 
> http://www.linuxsecurity.com/articles/firewalls_article-5619.html
> 
> ===
> The author does some interesting things, but IMHO works too hard to get
> some simple results - banning addresses that are scanning his site.  He
> uses a database to trap authorization messages from Syslogd (using a
> named pipe). And then keeps a database of all the IP addresses that
> scanned his site. He uses the database to initialize his IPTables, and
> he modifies his IPTables with each negative attempt from a new
> IP address.
> 
> You could easily get the same result by scanning the log file every
> minute (or continuously) and adding the IP addresses to a text file.
> 
> Still it is an interesting read.
> 
> Jon
> 
> _______________________________________________
> TriLUG mailing list
>     http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ:
>     http://www.trilug.org/~lovelace/faq/TriLUG-faq.html
-- 
-=[*Thunder Bear*]=-

Wedding videos $500 if you book by August 31 -
http://yonderway.com/video
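As an added example (not code from either poster), here is the log-scanning approach Jon describes, in Python: it counts failed sshd logins per source address from constructed sample syslog lines, applies a threshold and an allow-list, and emits iptables commands for a dedicated chain. The sample lines, the BLOCKLIST chain name, the allow-listed networks and the threshold are assumptions; the allow-list and the flushable chain are the two checks that limit the self-lockout risk Thunder Bear raises.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample syslog lines (not taken from the thread).
SAMPLE_LOG = """\
Sep  2 21:01:02 gw sshd[1234]: Failed password for root from 203.0.113.7 port 4321 ssh2
Sep  2 21:01:05 gw sshd[1234]: Failed password for root from 203.0.113.7 port 4322 ssh2
Sep  2 21:01:09 gw sshd[1235]: Failed password for invalid user admin from 203.0.113.7 port 4323 ssh2
Sep  2 21:02:00 gw sshd[1240]: Failed password for alice from 192.168.1.20 port 50000 ssh2
Sep  2 21:02:30 gw sshd[1241]: Failed password for bob from 198.51.100.9 port 6000 ssh2
Sep  2 21:03:00 gw sshd[1242]: Accepted password for alice from 192.168.1.20 port 50001 ssh2
"""

FAILED_RE = re.compile(r"sshd\[\d+\]: Failed password for .* from (\d+\.\d+\.\d+\.\d+) port")

# Assumed allow-list: loopback and the local LAN are never banned, no matter
# how many failures are logged, so a flood of bogus entries cannot cut the
# admin off from the firewall.
NEVER_BLOCK = [ip_network("127.0.0.0/8"), ip_network("192.168.1.0/24")]


def count_failures(log_text):
    """Return a Counter of failed-login lines per source IP address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            counts[m.group(1)] += 1
    return counts


def select_offenders(counts, threshold=3):
    """Addresses at or above the threshold that are not allow-listed."""
    offenders = []
    for ip, n in counts.items():
        if n < threshold:
            continue
        if any(ip_address(ip) in net for net in NEVER_BLOCK):
            continue
        offenders.append(ip)
    return sorted(offenders)


def iptables_rules(offenders, chain="BLOCKLIST"):
    """Commands that rebuild a dedicated chain; flushing it on a timer gives
    every ban an expiry instead of letting DROP rules accumulate forever.
    INPUT must jump to the chain once: iptables -I INPUT -j BLOCKLIST."""
    rules = [f"iptables -N {chain} 2>/dev/null", f"iptables -F {chain}"]
    rules += [f"iptables -A {chain} -s {ip} -j DROP" for ip in offenders]
    return rules
```

Run it against the real auth log from cron every minute and pipe the emitted commands to a shell to get the "scan the log file, add the addresses" loop from the reply above.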



