[SOLVED] firewall - continued

Alex Chontzopoulos ac at it-cell.com
Fri Nov 18 17:05:11 EET 2005


In haste (because I'm going on leave; have a nice time to me, thank you :-) )

If you were telling me about the weakness of the firewalls that implemented
drop 5 years ago (SYN attacks), which did not limit how many SYN packets they
would receive and as a result got hit by DoS, I would understand. Yes, there
was a problem there.

On the other hand, I for my part cannot understand the blind faith you
show in REJECT. Let me explain:

a) In the time it takes someone to fully scan 1 IP of mine, he will be
able to scan your whole subnet (since you REJECT them)

b) While from my responses he will get NO information, from yours he
will get (by your own account) anything from nothing to something.. Let's
not forget that a REJECTED packet is not simply a STOP sign on the
road... it also contains other information .. A DROP, on the other hand ....
Absolutely nothing..

c) You are obviously forgetting this ...
http://www.microsoft.com/technet/security/bulletin/MS98-014.mspx
(Vulnerability that tore apart the NT machines, which was based on
rejected packets)

d) You are probably also forgetting that however many port scans I run
against you, you will answer just as many. That is, for as many SYN packets
as I send you, you will return the same number of rejects to me.. And what
if 10 do it together ?? (see the countless viruses that do this to "big"
portals)

I really have to go. I hope you are right, because we are open-minded
people (see linux :-) ), but I doubt it.

Regards,

Alexis

-----Original Message-----
From: linux-greek-users-bounces at lists.hellug.gr
[mailto:linux-greek-users-bounces at lists.hellug.gr] On Behalf Of Christos
Ricudis
Sent: Friday, November 18, 2005 3:24 PM
Cc: linux-greek-users at hellug.gr
Subject: Re: [SOLVED] firewall - continued

Alex Chontzopoulos wrote:

>Opinions differ ... :-)
>
>On the one hand you are right (Legitimate Users) and on the other you are
>wrong (Hostile users)....
>
>Better that we don't analyse it here
>  
>
I insist.

You accept with blind faith that ANY information helps the hostile
user. Sometimes the loss of information itself contains information -
in this particular case, the DROP notifies the hostile user that there
EXISTS a filter that blocks SOMETHING which may be of "interest"
to him.

A "REJECT" reply, by contrast, is equivalent to the default behaviour of a
TCP socket on which nobody is listening: ECONNREFUSED.

I can imagine only three scenarios in which DROP is superior to
REJECT on this point:

1) It potentially prevents DoS attacks
2) It potentially prevents timing-based attacks (though I am not entirely
sure about this)
3) It forces the hostile user to wait for some period of time
until he establishes that no answer came back.

-- 
Christos Ricudis				ricudis at itc.auth.gr
Systems Administrator				+30-2310-998656
IT Support Center
Aristotle University of Thessaloniki, GREECE
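
Point (d) of the reply, together with its remark about firewalls that did not limit incoming SYN packets, as an added example that is not part of either e-mail: a simulation counting the reply packets a filter emits under DROP, unrestricted REJECT and a rate-limited REJECT. The token-bucket limiter, the traffic figures and all names are assumptions, and the SYN timestamps are constructed.

```python
# Added example: constructed traffic, hypothetical names throughout.
from dataclasses import dataclass


@dataclass
class TokenBucket:
    """Reply limiter: `rate` replies/second sustained, `burst` at once."""
    rate: float
    burst: float
    tokens: float = 0.0
    last: float = 0.0

    def __post_init__(self):
        self.tokens = self.burst  # bucket starts full

    def allow(self, now: float) -> bool:
        # Refill for the elapsed time, capped at the burst size.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def replies_sent(syn_times, policy, limiter=None):
    """Count reject replies emitted for SYNs that hit a filtered port.

    policy: "drop" (never reply), "reject" (reply to every SYN) or
    "reject-limited" (reply while the limiter allows, drop the rest).
    """
    if policy == "drop":
        return 0
    if policy == "reject":
        return len(syn_times)
    if policy == "reject-limited":
        return sum(1 for t in sorted(syn_times) if limiter.allow(t))
    raise ValueError(f"unknown policy: {policy}")


def constructed_scan(sources=10, pps=1000, seconds=2):
    """Constructed input: `sources` senders, each emitting `pps` SYN/s."""
    per_source = [i / pps for i in range(pps * seconds)]
    return sorted(t for _ in range(sources) for t in per_source)


if __name__ == "__main__":
    syns = constructed_scan()
    for policy in ("drop", "reject", "reject-limited"):
        n = replies_sent(syns, policy, TokenBucket(rate=10, burst=20))
        print(f"{policy:15s} SYNs in: {len(syns):6d}  replies out: {n}")
```

With the limiter in place a legitimate client that hits the filtered port still gets an immediate refusal most of the time, while the outbound reply volume stays bounded regardless of how many SYNs arrive.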
