
attacks



Hi,
I've almost finished the firewall (for a laboratory)
and I would like to know what you think about my solution:

* to protect against SYN flooding:
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
* to protect against smurf amplification:
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
* to protect against spoofing:
I'm doing tests on source and destination
* to protect against ping of DEATH:
$IPTABLES --append FORWARD -p icmp --icmp-type echo-request --match limit --limit 1/s --jump ACCEPT
* to protect against UDP flooding:
I don't know yet. I heard about UDP floods with chargen (19) and echo (7); must I forbid these ports??
* to protect against TCP session hijacking, ARP spoofing, DNS spoofing and cache poisoning ... I think this is not the job of the firewall ... is it?
* to protect against tiny fragments and fragment overlapping: nothing yet... the only thing I know is that I can't forbid incoming fragmented packets...
Is there a solution against these 2 attacks?
* to protect against all other attacks: nothing yet...

Last thing: I heard of an attack on port 0 with UDP.
Can I forbid this port? What is port 0?
Is it true?

too many questions ... sorry :)
1000 times thanks
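
An added example, not part of the original post: a small audit for the settings listed above. It checks the two sysctls and tests whether an `iptables-save` dump drops echo-requests that exceed a `limit` ACCEPT rule, since over-limit packets fall through to later rules and the chain policy. The function names and the sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example (not the poster's script): audits the settings listed in the post.

# check_sysctl ROOT KEY WANT: succeeds when the file ROOT/KEY holds WANT.
# ROOT is /proc/sys on a live host; it is a parameter so it can be tested offline.
check_sysctl() {
    [ "$(cat "$1/$2" 2>/dev/null)" = "$3" ]
}

# limit_rule_is_capped CHAIN: reads `iptables-save` output on stdin.
# A "-m limit ... -j ACCEPT" rule matches only packets under the rate; the
# rest continue to later rules and finally the chain policy. Succeeds when
# over-limit echo-requests meet an explicit DROP/REJECT or a DROP policy.
# Limitation: a broader later DROP (e.g. all ICMP) is not recognised.
limit_rule_is_capped() {
    awk -v chain="$1" '
        $1 == (":" chain) { policy = $2 }
        $1 == "-A" && $2 == chain && /--icmp-type (8|echo-request)( |$)/ {
            if (/-m limit/ && /-j ACCEPT/) { seen = 1 }
            else if (seen && /-j (DROP|REJECT)/) { capped = 1 }
        }
        END { exit !(seen && (capped || policy == "DROP")) }'
}

# Constructed iptables-save excerpts, not taken from a real host.
sample_weak() { cat <<'EOF'
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j ACCEPT
COMMIT
EOF
}
sample_fixed() { cat <<'EOF'
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j ACCEPT
-A FORWARD -p icmp -m icmp --icmp-type 8 -j DROP
COMMIT
EOF
}

for s in sample_weak sample_fixed; do
    if "$s" | limit_rule_is_capped FORWARD
    then echo "$s: over-limit echo-requests are dropped"
    else echo "$s: over-limit echo-requests are not dropped in FORWARD"
    fi
done
for k in tcp_syncookies icmp_echo_ignore_broadcasts; do
    if check_sysctl /proc/sys "net/ipv4/$k" 1
    then echo "$k = 1"; else echo "$k is not 1"; fi
done
```

On a live host, pipe the real ruleset in with `iptables-save | limit_rule_is_capped FORWARD`.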
