
Re: attacks



On Tue, Jun 04, 2002 at 12:23:47PM -0400, Jeff Bonner wrote (1.00):
> You probably want to add some route verification too:
> 
>   for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
>       echo 1 > "$f"
>   done

Debian turns this on by default, so you don't have to do it by hand.
But you can if you really want to.

> Anyway, what I would do is block TCP & UDP 0-19.  This tosses
> "port 0", as well as tcpmux, compressnet, rje, echo, discard,
> systat, daytime, netstat, qotd, msp, and chargen all at once:

What I would do instead is to set your default policy to DROP (iptables
-P INPUT DROP), and then ALLOW only the traffic that you actually want.
It's much better than allowing everything, and only blocking the stuff
you think is bad.  This has the nice feature that you will only open
ports that you need, and if you set iptables to log packets when you're
setting things up, you can start by dropping everything, and then just
start using your network, and enable the services that you see in your
logs that you want.

M

Attachment: pgp151atp1SKV.pgp
Description: PGP signature
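
The workflow described in the reply above (default DROP, log what falls through, then allow the services you recognise), as an added example that is not part of the original message. The log prefix, the service list and the sample log lines are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the original post; prefix, ports and log lines are constructed.
LOG_PREFIX="INPUT-DROP: "   # assumed tag for our LOG rule (kernel limit: 29 chars)

# emit_ruleset "tcp/22 tcp/80" prints an iptables-restore ruleset. Review it, then
# load it as root with: emit_ruleset "tcp/22 tcp/80" | iptables-restore
emit_ruleset() {
    echo "*filter"
    echo ":INPUT DROP [0:0]"       # default policy: drop what is not allowed below
    echo ":FORWARD ACCEPT [0:0]"   # left alone; the post only discusses INPUT
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for svc in $1; do
        proto=${svc%%/*} port=${svc#*/}
        case $proto in tcp|udp) ;; *) port= ;; esac
        # Refuse anything that is not proto/number; no COMMIT means nothing loads.
        case $port in ''|*[!0-9]*) echo "bad service: $svc" >&2; return 1 ;; esac
        echo "-A INPUT -p $proto --dport $port -j ACCEPT"
    done
    # Rate-limited log of packets about to fall through to the DROP policy.
    echo "-A INPUT -m limit --limit 30/min -j LOG --log-prefix \"$LOG_PREFIX\""
    echo "COMMIT"
}

# summarize_drops: read kernel log lines on stdin, print "count proto/dport",
# busiest first, so you can decide which services deserve an ACCEPT rule.
summarize_drops() {
    awk -v pfx="$LOG_PREFIX" '
        index($0, pfx) {
            proto = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^PROTO=/) proto = tolower(substr($i, 7))
                if ($i ~ /^DPT=/)   dpt = substr($i, 5)
            }
            if (proto != "" && dpt != "") n[proto "/" dpt]++
        }
        END { for (k in n) print n[k], k }' | sort -k1,1nr -k2,2
}

# Constructed sample of what the LOG rule writes (addresses are documentation ranges).
sample_log() {
cat <<'EOF'
Jun  4 12:30:01 fw kernel: INPUT-DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 LEN=60 TTL=64 PROTO=TCP SPT=40001 DPT=22 SYN
Jun  4 12:30:05 fw kernel: INPUT-DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 LEN=60 TTL=64 PROTO=TCP SPT=40002 DPT=22 SYN
Jun  4 12:30:09 fw kernel: INPUT-DROP: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.1 LEN=40 TTL=51 PROTO=UDP SPT=5353 DPT=19
Jun  4 12:30:11 fw kernel: eth0: link up
EOF
}
```

On the sample, `sample_log | summarize_drops` reports two drops for tcp/22 and one for udp/19: the first is a service you would add to the allow list, the second (chargen) stays dropped without ever needing its own block rule.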

