Subject: Re: Security Issues... ( here ya go )
From: cdowns (cdowns@skillsoft.com)
Date: Tue Aug 14 2001 - 06:23:36 MDT
If you would like to stop scans against your domain, I suggest you filter
icmp traffic by proto like this example below:
best link available:
http://www.ecst.csuchico.edu/~dranch/LINUX/TrinityOS/cHTML/TrinityOS-c-10.html
##########################################################
# let's filter icmp crap for scanning.....
###########################################################
# $firewallhost must already be set in the script: it is the destination
# address (-d) these rules match on eth0.
/sbin/ipchains -A input -j REJECT -i eth0 -p icmp -s 0.0.0.0/0 -d $firewallhost --icmp-type echo-reply
# filter remote traceroute
/sbin/ipchains -A input -j REJECT -i eth0 -p tcp -s 0.0.0.0/0 -d $firewallhost 33434
/sbin/ipchains -A input -j REJECT -i eth0 -p udp -s 0.0.0.0/0 -d $firewallhost 33434
/sbin/ipchains -A input -j REJECT -i eth0 -p icmp -s 0.0.0.0/0 -d $firewallhost --icmp-type destination-unreachable
# stop OS identification
/sbin/ipchains -A input -j REJECT -i eth0 -p icmp -s 0.0.0.0/0 -d $firewallhost --icmp-type source-quench
/sbin/ipchains -A input -j REJECT -i eth0 -p icmp -s 0.0.0.0/0 -d $firewallhost --icmp-type redirect
/sbin/ipchains -A input -j REJECT -i eth0 -p icmp -s 0.0.0.0/0 -d $firewallhost --icmp-type echo-request
/sbin/ipchains -A input -j REJECT -i eth0 -p icmp -s 0.0.0.0/0 -d $firewallhost --icmp-type time-exceeded
/sbin/ipchains -A input -j REJECT -i eth0 -p icmp -s 0.0.0.0/0 -d $firewallhost --icmp-type parameter-problem
/sbin/ipchains -A input -j REJECT -i eth0 -p icmp -s 0.0.0.0/0 -d $firewallhost --icmp-type timestamp-request
/sbin/ipchains -A input -j REJECT -i eth0 -p icmp -s 0.0.0.0/0 -d $firewallhost --icmp-type timestamp-reply
/sbin/ipchains -A input -j REJECT -i eth0 -p icmp -s 0.0.0.0/0 -d $firewallhost --icmp-type address-mask-request
/sbin/ipchains -A input -j REJECT -i eth0 -p icmp -s 0.0.0.0/0 -d $firewallhost --icmp-type address-mask-reply
##
Most scans rely on icmp packets, so if you deny these as above it
actually will stop most ( not all ) scan attempts. Read into the
documentation above.
Hope this Helps.
-D
Brian Watson wrote:
> I've noticed several people attempting to access my website, and not
> by ordinary means. I've been examining my logs, and many, many
> people are port sniffing me. How can I stop port sniffers? A friend
> mentioned something about a robots.txt file, but I don't know if this
> applies to YDL or not. Any help would be appreciated.
>
> --Brian
--
--------------------------------
Network Security Administrator
Christopher M Downs
Skillsoft Corporation
http://www.skillsoft.com
"you can't point and click your way to super cracker status -"
--------------------------------
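
An added example, not part of the original post or written by its author: a small audit script that checks a rule file for the ICMP types rejected in the rules above and flags ipchains commands that were split across two lines after an option such as -d, which is easy to miss when rules are pasted from mail. The function names and the sample rule file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit a rule script for the
# ICMP types the post rejects, and flag rules broken by mail line-wrapping.

# Type names taken from the rules in the post.
REQUIRED_TYPES="echo-reply destination-unreachable source-quench redirect
echo-request time-exceeded parameter-problem timestamp-request
timestamp-reply address-mask-request address-mask-reply"

# covered_icmp_types FILE: ICMP types with an active REJECT/DENY input rule.
covered_icmp_types() {
    awk '
        /^[ \t]*#/ { next }                      # skip commented-out rules
        /ipchains/ && /-A input/ && /-p icmp/ && /-j (REJECT|DENY)/ {
            for (i = 1; i < NF; i++)
                if ($i == "--icmp-type") print $(i + 1)
        }' "$1" | sort -u
}

# missing_icmp_types FILE: required types that no active rule covers.
missing_icmp_types() {
    covered=$(covered_icmp_types "$1")
    for t in $REQUIRED_TYPES; do
        printf '%s\n' "$covered" | grep -qx -- "$t" || printf '%s\n' "$t"
    done
}

# wrapped_rules FILE: line numbers of ipchains commands that end in an option
# still waiting for its argument (the command was split across two lines).
wrapped_rules() {
    awk '!/^[ \t]*#/ && /ipchains/ && / (-[dspij]|--icmp-type)[ \t]*$/ { print NR }' "$1"
}

# Constructed sample: line 2 is wrapped after -d, line 4 is commented out.
sample_rules() {
    cat <<'EOF'
/sbin/ipchains -A input -j REJECT -i eth0 -p icmp -s 0.0.0.0/0 -d $firewallhost --icmp-type echo-request
/sbin/ipchains -A input -j REJECT -i eth0 -p icmp -s 0.0.0.0/0 -d
$firewallhost --icmp-type timestamp-request
# /sbin/ipchains -A input -j REJECT -i eth0 -p icmp -s 0.0.0.0/0 -d $firewallhost --icmp-type redirect
/sbin/ipchains -A input -j REJECT -i eth0 -p icmp -s 0.0.0.0/0 -d $firewallhost --icmp-type source-quench
EOF
}

rules=$(mktemp)
sample_rules > "$rules"
echo "wrapped at line(s): $(wrapped_rules "$rules")"
echo "uncovered types:"; missing_icmp_types "$rules"
rm -f "$rules"
```
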