Security Basics mailing list archives
Iptables Clues and Advices.
From: Nahual Guerrero <nahual () axis org>
Date: Wed, 2 Apr 2003 22:55:55 +0200
Hi list. I began using iptables a few months ago; I've managed to make a Perl script which contains all the basic rules of packet filtering in my box. But now that I've managed and learned how to do it, I really don't know how to secure my box from possible attacks coming from the internet. I use the trial and error method, I mean, I use against myself classical attacks such as smurf, different types of scans using nmap, etc... I'd like to ask several questions, so I'll set out the variables of my system in order to have better answers, if anyone wants to answer any of them.

-> Security programs installed (and probably misconfigured... remember, I'm a newbie):
- tcplog 1.6
- portsentry 1.1
- iptables 1.2.2

-> Services I run, in order to make tests in my own box (so we deduce I don't want anyone from the internet to know they exist):
- MySQL (3306)
- Apache (80)

-> Script made to try to detect and prevent any kind of investigation on my box.

###################################################################
#!/usr/bin/perl
use strict;
use warnings;

# Base commands; the port number is appended to $iptin / $iptil for each service.
my $iptfh = 'iptables -F';
my $iptin = 'iptables -A INPUT -j DROP -p tcp -s ! 127.0.0.0/255.255.255.0 --destination-port';
my $iptil = 'iptables -A INPUT -j LOG -p tcp -s ! 127.0.0.0/255.255.255.0 --destination-port';
my $iptol = 'iptables -A OUTPUT -j LOG';
my $iptfl = 'iptables -A FORWARD -j LOG';

# Ports to protect (only 80 and 3306 are given in the post; "xxx"/"xxxx" are the
# port numbers elided from the original and must be replaced with real values).
my @ports = (80, 'xxx', 'xxx', 'xxxx', 'xxxx', 3306, 'xxxx', 'xxxx');

system("clear");
print "Tirando de la Cadena....\n";
system($iptfh);

# Input: the LOG rule must be appended before the DROP rule for the same port,
# otherwise the packet is dropped by the earlier rule and never reaches LOG.
foreach my $port (@ports) {
    system("$iptil $port");
    system("$iptin $port");
}

# Output
# Forward
system($iptfl);

# Port Sentry
print "Iniciando Port Sentry\n";
system("portsentry -stcp");
system("portsentry -sudp");
#######################################################################

I know it's very simplistic, that's why I ask for help. So with this configuration, it's obvious that it only blocks some types of scans and direct connections on TCP ports, but I'd like to hide these ports from any kind of scan (at least any kind of scan which nmap can perform).

Now the questions.

Is it a good idea to block ICMP packets to avoid smurf attacks? If we drop all ICMP attacks, won't we have any trouble during regular surfing?

How can I completely hide ports (UDP and TCP) when connected to the internet? In case of being impossible, how can I hide them as much as possible?

If any of the questions I've asked are abusive, feel free to say so, but please, pleeease, do not flame me. Thank you in advance. A hug.

Nahual Guerrero
PGP key: http://www.rootshell.be/~nahual/pub_key.asc
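The two questions above (what to do with ICMP, and how to keep the test-only services from showing up in a scan) are usually answered with a default-deny, stateful ruleset rather than per-port DROP rules. The following script is an added example and is not part of the original post or its Perl script: it generates such a ruleset for a host running Apache on 80 and MySQL on 3306 for local use only. It assumes a modern iptables with the conntrack, limit and multiport matches (the poster's 1.2.2 predates these), and "eth0" is an assumed external interface name.

```shell
#!/bin/sh
# Added example (not from the original post): default-deny, stateful iptables
# policy for a single host. gen_rules prints the rules so they can be reviewed
# before apply_rules runs them (apply_rules needs root).
# Assumptions: conntrack/limit/multiport matches available; eth0 is the
# external interface (hypothetical name).

EXT_IF="eth0"

gen_rules() {
    cat <<EOF
iptables -F
iptables -X
# Default deny: anything not explicitly accepted is silently dropped,
# so a scanner sees "filtered" rather than "open" or "closed".
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
# Loopback stays open: Apache and MySQL are only used from this box.
iptables -A INPUT -i lo -j ACCEPT
# Replies to connections this host started, plus ICMP errors related to them.
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Packets that fit no tracked connection.
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
# ICMP: keep the types ordinary browsing, path-MTU discovery and traceroute
# depend on, and rate-limit echo-requests instead of dropping all ICMP.
iptables -A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT
iptables -A INPUT -p icmp --icmp-type time-exceeded -j ACCEPT
iptables -A INPUT -p icmp --icmp-type parameter-problem -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s --limit-burst 4 -j ACCEPT
# Log (rate-limited) new attempts from outside to reach the test services;
# the INPUT policy then drops them. LOG has to come before any drop.
iptables -A INPUT -i $EXT_IF -p tcp -m multiport --dports 80,3306 -m conntrack --ctstate NEW -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "INBOUND-BLOCKED: "
EOF
}

# Number of iptables commands gen_rules emits (comment lines excluded).
count_rules() {
    gen_rules | grep -c '^iptables'
}

# Apply the generated rules on this host; requires root.
apply_rules() {
    gen_rules | grep '^iptables' | sh
}

# Uncomment to apply on a real host:
# apply_rules
```

With a DROP policy nmap can only report the ports as filtered; it cannot see that a service is listening. Unsolicited echo-replies, the traffic a smurf victim receives, match no connection this host opened and therefore never reach an ACCEPT rule, while replies to the host's own pings come in as ESTABLISHED. Dropping all ICMP, by contrast, also drops the fragmentation-needed messages that path-MTU discovery relies on, which is the "trouble during regular surfing" the post asks about. The more complete answer to hiding 80 and 3306 is not to expose them at all: bind Apache to 127.0.0.1 (Listen 127.0.0.1:80) and MySQL to 127.0.0.1 (bind-address, or skip-networking), so nothing listens on the external address in the first place.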
Current thread:
- Iptables Clues and Advices. Nahual Guerrero (Apr 03)
- Re: Iptables Clues and Advices. Pierre BETOUIN (Apr 04)
- Re: Iptables Clues and Advices. Christian Friedl (Apr 04)
- Re: Iptables Clues and Advices. Pierre BETOUIN (Apr 04)
- Re: Iptables Clues and Advices. Andreas Happe (Apr 07)
- Re: Iptables Clues and Advices. panth3r (Apr 07)
- Re: Iptables Clues and Advices. Pierre BETOUIN (Apr 04)
- <Possible follow-ups>
- RE: Iptables Clues and Advices. Allan Schon (Apr 07)
- RE: Iptables Clues and Advices. David Gillett (Apr 08)
- RE: Iptables Clues and Advices. Jason Dixon (Apr 08)
- Re: Iptables Clues and Advices. Andres j. Ogayar (Apr 09)
- RE: Iptables Clues and Advices. Steve Bremer (Apr 09)
- RE: Iptables Clues and Advices. David Gillett (Apr 08)