[TriLUG] IPTables: Automated firewall hardening
Tanner Lovelace
lovelace at wayfarer.org
Mon Sep 2 21:54:41 EDT 2002

On Mon, 2002-09-02 at 21:29, Thunder Bear wrote:
> Keep in mind, dynamic filter rules are frowned upon by many security
> specialists because they could theoretically be used against you to
> initiate a denial of service attack, hitting your firewall from spoofed
> IP addresses and gradually closing you off from the Internet using your
> own systems against you.

I only skimmed through it, so this may not be what he does, but
I did notice that he mentioned that you had to explicitly know
the MAC addresses of the other computers on your network. Presumably
he could then use that knowledge to make sure he didn't do anything
stupid like block off all the other computers on the network.

But, like I said, I only skimmed it. :-)

Tanner
--
Tanner Lovelace | lovelace(at)wayfarer.org | http://wtl.wayfarer.org/
--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--
GPG Fingerprint = A66C 8660 924F 5F8C 71DA BDD0 CE09 4F8E DE76 39D4
GPG Key can be found at http://wtl.wayfarer.org/lovelace.gpg.asc
--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--
http://www.petitiononline.com/SSSCA/petition.html
--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--
Those who are willing to sacrifice essential liberties for a little
order, will lose both and deserve neither. -- Benjamin Franklin
History teaches that grave threats to liberty often come in times
of urgency, when constitutional rights seem too extravagant to
endure. -- Justice Thurgood Marshall, 1989
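
The safeguard discussed in this thread, sketched as an added example (not part of the original message and not the script under discussion): known LAN MACs are accepted ahead of the dynamic chain, and the number of automatic blocks is capped so spoofed sources cannot keep closing the firewall. The chain name AUTOBLOCK, the function names, the cap and the MAC addresses are all hypothetical; the script only prints iptables commands.

```shell
#!/bin/sh
# Added illustration: prints iptables commands, never executes them.
# Constructed sample values (assumptions, not from the thread):
TRUSTED_MACS="02:00:00:aa:bb:01 02:00:00:aa:bb:02"   # known LAN hosts, lowercase
MAX_BLOCKS=3                                          # cap on dynamic DROP rules

# Static skeleton: known MACs are accepted before the dynamic chain is
# consulted, so no AUTOBLOCK entry can cut those hosts off.
# Caveat: -m mac only sees senders on the same segment, and a MAC can be
# forged by a local host, so this protects against lock-out, not intrusion.
emit_skeleton() {
    echo "iptables -N AUTOBLOCK"
    for mac in $TRUSTED_MACS; do
        echo "iptables -A INPUT -m mac --mac-source $mac -j ACCEPT"
    done
    echo "iptables -A INPUT -j AUTOBLOCK"
}

# Decide whether a flagged source may be blocked.
# $1 = source IP, $2 = source MAC as observed, $3 = number of active blocks
block_cmd() {
    # Refuse anything that is not digits and dots: the value comes from
    # attacker-influenced input and ends up in a command line.
    case "$1" in
        ""|*[!0-9.]*) echo "skip: malformed address"; return 1 ;;
    esac
    seen=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    for mac in $TRUSTED_MACS; do
        if [ "$seen" = "$mac" ]; then
            echo "skip $1: trusted host"
            return 1
        fi
    done
    # Bound the damage a flood of spoofed sources can do to our own reachability.
    if [ "$3" -ge "$MAX_BLOCKS" ]; then
        echo "skip $1: block cap reached, alert an operator instead"
        return 1
    fi
    echo "iptables -A AUTOBLOCK -s $1 -j DROP"
}
```

The cap trades automatic blocking for availability once it is reached, so it needs to be paired with expiry of old entries and an alert.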