Hello folks,

While quickly browsing the ShoreWall documentation, I was wondering how to implement a few security rules to prevent malicious attempts to hack the system using

- IP fragments ?
- X-Mas trees (TCP with all flags turned on) ?
- spoofed addresses ?

Regards
JM

Tom Eastep
2002-Aug-21 13:37 UTC
[Shorewall-users] Question about malicious attacks attempts

On Wed, 21 Aug 2002, j 6m wrote:

> While quickly browsing the ShoreWall documentation, I was wondering how to
> implement a few security rules to prevent malicious attempts to hack the
> system using
>
> - IP fragments ?

Netfilter-based firewalls that do connection tracking never see fragments since connection tracking reassembles fragments before they are passed to the firewall rules.

> - X-Mas trees (TCP with all flags turned on) ?

"dropunclean" interface option -- but beware that there are lots of broken IP stacks out there and this option finds them :-(

> - spoofed addresses ?

"routefilter" interface option.

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net