iptables script + capabilities
Tasos Chronis
tasosc at otenet.gr
Wed Oct 16 11:43:01 EEST 2002
Alexandros Papadopoulos wrote:
>>>>
>>>>yes, because Ciscos have this feature, right?
>>>
>>>No, and that is why the reasoning above exists.
>>
>>which reasoning? that the tiny personal fw (or any application level fw)
>>makes sense behind a cisco (or any pf fw)? how do you support that
>>("it is good to have" is not an argument)?
>
>
> I am answering everything together - sorry I was unclear before, but I was at
> an Apple presentation and was seeing stars.
>
> My reasoning is that
>
> - you use iptables / Pix / whatever to protect the network at the
> packet filtering level, at point X (say a router)
>
> and
>
> - you put an application level firewall in the style of Tiny on the clients
> behind X, which adds the feature that is inevitably missing from X's firewall,
> namely it keeps a database of checksums of the applications that have the
> right to carry out the xy network activities.
There is no security on the clients and you should never
rely on it.
These Tiny-type programs do more harm than
good.
I don't understand why you want it.
* If you are afraid of the users:
Either the user is harmless, in which case there is no reason for Tiny,
or the user is dangerous, in which case he will surely find a way
to get around these Tiny-type scams.
(At the very most he plugs a laptop into the ethernet socket;
do you perhaps need an alarm on the ethernet sockets too ;.)
* If you are afraid of viruses or trojans, install antivirus and
block some ports or sites at the firewall.
* If you are afraid that someone may be able to sniff
packets, there is ssh tunneling and SSL,
and if you are paranoid, put in one or more old Linux PCs with as many
PCI ether cards as will fit to split the network into smaller ones,
apply the security policy there, and if you have the money put switches everywhere.
If you are afraid of certain applications running, then make sure they are not
installed on the client. If you are afraid that some user will install
some program, then unfortunately he can disable
Tiny and co.
If you are afraid that some application X that the users need creates traffic,
then block at the firewall the IP it tries to connect to.
>
> So as a whole, we have a network which both does traditional packet
> filtering and restricts the applications that can generate any
> traffic.
>
> Speaking of *one* standalone machine, my reasoning is that I would like to
> have both together, in one application (that is, a more advanced
> version of iptables/netfilter). That way you add an extra layer of security
> (the ace has to get past the firewall through a well-known protocol,
> change the database with the hashes of the executables I have authorized to
> have network activity, place trojaned versions of the executables etc.
> etc.). Well, whoever has got that far, I take my hat off to him and give him my
> laptop to play with too. A tall order! :-)
On a standalone machine, if someone manages to get into your system
as root, why would he not disable all of that ????
The same holds for trojans, that is, how long will it take for
a rootkit to come out that disables these ???
And if he has physical access to the machine, whatever OS it runs, there is
no security.
Better to think about how a trojan can get into your machine.
If it gets in, forget it, you have lost the game.
>
> With the above method I assume that you rule out a large class of automated
> attacks/rootkits etc., because even if you have a trojaned binary on your
> system, it is restricted by the application firewall and cannot talk to
> the outside world. Yes, yes, I know, you can replace that too if you
> want, but as we said, absolute security does not exist, security is a process etc.
> etc.
>
> -A
>
> --
> http://www.andrew.cmu.edu/~apapadop/pub_key.asc
>
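The checksum database described in the quoted message, together with the objection raised in the reply, as an added Python example that is not part of the original thread. The file names, the in-memory dictionary and the function names are assumptions made for illustration; how Tiny itself stores or checks its database is not shown on this page.

```python
import hashlib
import os
import tempfile

def sha256_of(path):
    """Return the hex SHA-256 of a file's contents."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def authorize(db, path):
    """Record the current checksum of an executable that has been approved."""
    db[os.path.realpath(path)] = sha256_of(path)

def may_use_network(db, path):
    """Allow network use only if the file's current checksum matches the
    approved one. Returns (allowed, reason)."""
    real = os.path.realpath(path)
    if real not in db:
        return False, "not in database"
    if sha256_of(real) != db[real]:
        return False, "checksum mismatch"
    return True, "checksum matches"

def demo():
    """Run the thread's scenario on constructed files; return the decisions."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        browser = os.path.join(d, "browser")   # constructed stand-in executable
        unknown = os.path.join(d, "unknown")   # never approved
        for p, body in ((browser, b"original build"), (unknown, b"other")):
            with open(p, "wb") as f:
                f.write(body)
        db = {}                                # hypothetical store: path -> SHA-256
        authorize(db, browser)
        results["approved"] = may_use_network(db, browser)
        results["unknown"] = may_use_network(db, unknown)
        with open(browser, "wb") as f:         # file replaced after approval
            f.write(b"modified build")
        results["replaced"] = may_use_network(db, browser)
        # The reply's objection: the database sits on the same host, so anyone
        # able to rewrite it (root) makes the replaced file count as approved.
        authorize(db, browser)
        results["replaced_after_db_rewrite"] = may_use_network(db, browser)
    return results

if __name__ == "__main__":
    for case, (allowed, reason) in demo().items():
        print(f"{case:28} allowed={allowed} ({reason})")
```

The check holds only while the database and the checking process stay out of reach of whoever replaced the binary, which is the condition the two posters disagree about.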