Full Disclosure mailing list archives
IP'less bridging firewall
From: full-disclosure () lists netsys com (Evrim ULU)
Date: Sat, 17 Aug 2002 10:26:48 +0300
Hi,

We have set up an IP-less (0.0.0.0) bridging Linux firewall using the bridge-nf patch. At the beginning, ipt_REJECT.c was not working since no interface has an IP address. Then we made it produce the necessary TCP RST & ICMP Port Unreachable packets. Now it's working quite well and no SYN attacks can reach the machines behind the firewall. Also, configuring it correctly leads to an invisible firewall. Firewalking can be eliminated using the ttl module of iptables. In addition, if there are insufficient ports open on the protected machine behind the firewall, nmap may get confused while determining the OS, since RST packets are generated by the firewall. On top of this, random OS stack fingerprinting can be added to confuse nmap etc.

On the other hand, we haven't tried to mangle the connections. If this can also be done, boxes behind the firewall can be protected more.

This firewall has 3 NICs and one is connected to my console box directly. Snort is installed to dynamically block the flood/DDoS/buffer overrun attacks.

Finally, we're looking for test methods to penetrate this firewall. I've no idea how this box can be *hacked* & *abused* & *DDoSed*?

*There is no spoon* -------------------> *and no firewall either*

--
Evrim ULU
evrim () envy com tr / evrim () core gen tr
sysadm
http://www.core.gen.tr
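The RST generation the post describes for ipt_REJECT on an address-less bridge, as an added example that is not part of the original post nor of the netfilter or bridge-nf code: a Python model that builds the TCP RST reply for a rejected IPv4/TCP packet, sourced from that packet's own destination address so that the bridge needs no IP of its own, plus a checksum check to confirm the reply is well-formed. All addresses, ports and sequence numbers are constructed sample values.

```python
import struct

FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10          # TCP flag bits

def checksum(data: bytes) -> int:  # RFC 1071 one's-complement sum; 0 if already valid
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_tcp(src: bytes, dst: bytes, sport: int, dport: int, seq: int, ack: int, flags: int) -> bytes:
    """20-byte TCP header, no options, window 0, checksum over the IPv4 pseudo-header."""
    hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 0, 0, 0)
    pseudo = src + dst + struct.pack("!BBH", 0, 6, len(hdr))
    return hdr[:16] + struct.pack("!H", checksum(pseudo + hdr)) + hdr[18:]

def build_ipv4(src: bytes, dst: bytes, payload: bytes, ttl: int = 64) -> bytes:
    """IPv4 header (protocol 6) with a valid header checksum, followed by payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, 6, 0, src, dst)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload

def reject_with_rst(pkt: bytes):
    """RST that a 'tcp-reset' reject sends for an IPv4/TCP packet. It is sourced from
    the rejected packet's own destination address, which is why a bridge with no IP
    address can still emit it. Returns None for non-TCP input or for an incoming RST."""
    if len(pkt) < 40 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    src, dst, tcp = pkt[12:16], pkt[16:20], pkt[ihl:]
    sport, dport, seq, ack = struct.unpack("!HHII", tcp[:12])
    doff, flags = (tcp[12] >> 4) * 4, tcp[13]
    if flags & RST:                      # never answer a RST with a RST
        return None
    if flags & ACK:                      # RFC 793: seq = their ack, ACK bit clear
        reply = build_tcp(dst, src, dport, sport, ack, 0, RST)
    else:                                # ack everything sent; SYN and FIN count as 1
        seglen = len(tcp) - doff + bool(flags & SYN) + bool(flags & FIN)
        reply = build_tcp(dst, src, dport, sport, 0, (seq + seglen) & 0xFFFFFFFF, RST | ACK)
    return build_ipv4(dst, src, reply)

def checksums_ok(pkt: bytes) -> bool:  # verify IPv4 header and TCP checksums
    ihl = (pkt[0] & 0x0F) * 4
    pseudo = pkt[12:20] + struct.pack("!BBH", 0, 6, len(pkt) - ihl)
    return checksum(pkt[:ihl]) == 0 and checksum(pseudo + pkt[ihl:]) == 0

# Constructed sample input: a SYN from 10.0.0.1:40000 to 10.0.0.2:80 with seq 1000.
CLIENT, SERVER = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])
SAMPLE_SYN = build_ipv4(CLIENT, SERVER, build_tcp(CLIENT, SERVER, 40000, 80, 1000, 0, SYN))
```

Note that the reply's TTL is a fixed value chosen by the firewall, which is one of the reasons the post mentions that a scanner's OS guess for the protected host becomes unreliable.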