iptables script + capabilities

Άγγελος Οικονομόπουλος aoiko at cc.ece.ntua.gr
Wed Oct 16 20:53:01 EEST 2002


On Wednesday 16 October 2002 20:06, Alexandros Papadopoulos wrote:
> > moreover, it takes 10 times longer for *every* exec, and for
> > something that can (easily) be done in advance in userspace at that.
> > I wonder how nobody has done it yet.
>
> we're saying the same thing, userspace checksums

i) you could have said so earlier instead of

"I would like to have both of them together, in one application (i.e. a more 
advanced version of iptables/netfilter)" == kernel stuff

ii) whether in kernel mode or in user mode, the checksumming has to be done 
before the exec, not to mention that with userspace checksums you will also 
have 2 extra context switches. In contrast, a check on the uid/gid comes 
almost for free (you pay only the shipping costs and get a juicer as a gift, 
call now).

>
> > if someone gets past the pf firewall it means you didn't do something
> > right when you set it up...
>
> oh come on now, don't be so absolute

I'm not being absolute, I'm just exaggerating :-), to argue that if someone 
has bypassed the fw, the tiny fw won't save you no matter what.

> - through a hijacked HTTP session (or ftp or
> our-favorite-protocol-here) the bad guy can tunnel unrelated
> packets that we would never want to let through. We cannot rely
> on the absolute security of RELATED / ESTABLISHED, as netfilter
> understands them.

are you proposing a.i. in the fw? something like Maxwell's demon?[0] :-

[0] yes, ok, there are intermediate solutions too
-- 
Keep it right when you make it faster.
            - The Elements of Programming Style (Kernighan & Plauger)



