Re: Security Issues... ( here ya go )


Subject: Re: Security Issues... ( here ya go )
From: cdowns (cdowns@skillsoft.com)
Date: Tue Aug 14 2001 - 06:23:36 MDT


If you would like to stop scans against your domain, I suggest you filter
icmp traffic by proto like this example below:

best link available:
http://www.ecst.csuchico.edu/~dranch/LINUX/TrinityOS/cHTML/TrinityOS-c-10.html

##########################################################
# let's filter icmp crap for scanning.....
# ($firewallhost must be set to the firewall's address before these rules run)
###########################################################
# each rule: append to the input chain, REJECT on eth0, any source, to the firewall
/sbin/ipchains -A input -j REJECT -i eth0 -p icmp -s 0.0.0.0/0 -d $firewallhost --icmp-type echo-reply
# filter remote traceroute
/sbin/ipchains -A input -j REJECT -i eth0 -p tcp -s 0.0.0.0/0 -d $firewallhost 33434
/sbin/ipchains -A input -j REJECT -i eth0 -p udp -s 0.0.0.0/0 -d $firewallhost 33434
/sbin/ipchains -A input -j REJECT -i eth0 -p icmp -s 0.0.0.0/0 -d $firewallhost --icmp-type destination-unreachable
# stop OS identification
/sbin/ipchains -A input -j REJECT -i eth0 -p icmp -s 0.0.0.0/0 -d $firewallhost --icmp-type source-quench
/sbin/ipchains -A input -j REJECT -i eth0 -p icmp -s 0.0.0.0/0 -d $firewallhost --icmp-type redirect
/sbin/ipchains -A input -j REJECT -i eth0 -p icmp -s 0.0.0.0/0 -d $firewallhost --icmp-type echo-request
/sbin/ipchains -A input -j REJECT -i eth0 -p icmp -s 0.0.0.0/0 -d $firewallhost --icmp-type time-exceeded
/sbin/ipchains -A input -j REJECT -i eth0 -p icmp -s 0.0.0.0/0 -d $firewallhost --icmp-type parameter-problem
/sbin/ipchains -A input -j REJECT -i eth0 -p icmp -s 0.0.0.0/0 -d $firewallhost --icmp-type timestamp-request
/sbin/ipchains -A input -j REJECT -i eth0 -p icmp -s 0.0.0.0/0 -d $firewallhost --icmp-type timestamp-reply
/sbin/ipchains -A input -j REJECT -i eth0 -p icmp -s 0.0.0.0/0 -d $firewallhost --icmp-type address-mask-request
/sbin/ipchains -A input -j REJECT -i eth0 -p icmp -s 0.0.0.0/0 -d $firewallhost --icmp-type address-mask-reply
##

Most scans rely on icmp packets so if you deny these as above it
actually will stop most ( not all ) scan attempts. Read into the
documentation above.

Hope this Helps.

-D

Brian Watson wrote:

> I've noticed several people attempting to access my website, and not
> by ordinary means. I've been examining my logs, and many, many
> people are port sniffing me. How can I stop port sniffers? A friend
> mentioned something about a robots.txt file, but I don't know if this
> applies to YDL or not. Any help would be appreciated.
>
> --Brian

--
--------------------------------
 Network Security Administrator
     Christopher M Downs
    Skillsoft Corporation
  http://www.skillsoft.com
"you can't point and click your
 way to super cracker status -"
--------------------------------
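
Added example, not part of the original post or of TrinityOS: a small shell audit that reads an ipchains rule listing (one rule per line) and reports which ICMP types it rejects or denies, flagging the reply and error types whose loss also affects the firewall host's own outbound traffic. The function names, the side-effect table, the sample rules and the address 192.0.2.1 are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an ipchains rule listing for blocked ICMP types.
# Nothing here touches the firewall; it only reads text on stdin.

# Constructed table: what the firewall host itself loses when an inbound
# reply/error type is blocked. Prints nothing for types with no entry.
side_effect() {
    case "$1" in
        echo-reply)              echo "outbound ping from this host gets no answers" ;;
        time-exceeded)           echo "outbound traceroute from this host shows no hops" ;;
        destination-unreachable) echo "path MTU discovery and prompt connect errors are lost" ;;
    esac
}

# blocked_icmp_types: read rules on stdin, print each blocked ICMP type once.
# Only ICMP rules whose target is REJECT or DENY are counted.
blocked_icmp_types() {
    awk '/-p icmp/ && /-j (REJECT|DENY)/ {
             for (i = 1; i < NF; i++)
                 if ($i == "--icmp-type" && !seen[$(i+1)]++) print $(i+1)
         }'
}

# audit_icmp_rules: read rules on stdin, print "type<TAB>status" per blocked type.
audit_icmp_rules() {
    blocked_icmp_types | while read -r t; do
        note=$(side_effect "$t")
        if [ -n "$note" ]; then
            printf '%s\tCAUTION: %s\n' "$t" "$note"
        else
            printf '%s\tok\n' "$t"
        fi
    done
}

# Constructed sample: rules in the style of the post, plus one ACCEPT rule
# and one non-ICMP rule that the audit must ignore.
SAMPLE_RULES='/sbin/ipchains -A input -j REJECT -i eth0 -p icmp -s 0.0.0.0/0 -d 192.0.2.1 --icmp-type echo-request
/sbin/ipchains -A input -j REJECT -i eth0 -p icmp -s 0.0.0.0/0 -d 192.0.2.1 --icmp-type destination-unreachable
/sbin/ipchains -A input -j ACCEPT -i eth0 -p icmp -s 0.0.0.0/0 -d 192.0.2.1 --icmp-type echo-reply
/sbin/ipchains -A input -j REJECT -i eth0 -p tcp -s 0.0.0.0/0 -d 192.0.2.1 33434'

printf '%s\n' "$SAMPLE_RULES" | audit_icmp_rules
```

Feed it a saved rules script with each rule on a single line; wrapped lines as they appear in mail archives must be rejoined first.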


