[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]


i've almost finished the firewall ( for a labotory )
and i would know what you think about my solution :

* to protect against syn-flooding :
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
* to protect against smurf amplification :
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
* to protect against spoofing :
i'm doing test on source and destination
* to protect against ping of DEATH :
$IPTABLES --append FORWARD -p icmp --icmp-type echo-request --match limit --limit 1/s --jump ACCEPT
* to protect against UDP flooding :
i don't know yet, i heard about udp flood with chargen(19) and echo(7), must i forbid these ports ??
* to protect against Tcp session hijacking, arp spoffing, dns spoofing and cache poisoning ... i think this is not the job for the firewall ... isn't it ?
* to protect against tiny fragments and frangment overlapping nothing yet... the only thing i know is that i can't forbid incoming fragment packet... 
is there a solution against these 2 attacks ?
* to protect against all others attacks : nothing yet...

last thing i heard an attack on port 0 with UDP
can i forbid this port ? what is port 0 ?
is true ?

too many questions ... sorry :)
1000 times thanks

Outgrown your current e-mail service?
Get a 25MB Inbox, POP3 Access, No Ads and No Taglines with LYCOS MAIL PLUS.

To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: