Displaying 5 results from an estimated 5 matches for "alien_sup".
Did you mean:
alien_super
2024 Jul 15
1
Request for a Lockdown option
...the kernel"), outgoing source IP not being settable for UDP
|packets ("oops, another code path that was never written")...
I also found a Linux xt_recent "bug" while doing this now in that
printf '%s\n' "+::ffff:80.187.103.83" > /proc/net/xt_recent/alien_super
results in
< /proc/net/xt_recent/alien_super awk '{print $1}'
src=0000:0000:0000:0000:0000:ffff:50bb:6755
without the actual IPv4 address being handled (bugzilla 219038).
(But then i would assume bugs happen everywhere and all the time,
and it would be interesting to know the ti...
2024 Jul 15
1
Request for a Lockdown option
Hi,
On Sun, Jul 14, 2024 at 10:25:46AM +0100, Brian Candler wrote:
> On 14/07/2024 03:49, Steffen Nurpmeso wrote:
> > I have read
> >
> > https://datatracker.ietf.org/doc/html/draft-cmetz-v6ops-v4mapped-api-harmful-01
> >
> > but as an application developer i find it ugly not to be able to
> > "simply do it", and get back a mapped address.
2024 Jul 04
1
Request for a Lockdown option
...uot;${FWCORE_PORT_KNOCK}"; then
add_rule -p udp --dport ${port} \
-m recent --name port_knock --set \
-m recent --name port_knock --rcheck --seconds 60 --reap --hitcount 2 \
-m recent --name alien_super --set -j DROP
add_rule -p udp --dport ${port} -j f_m1
fi
fi
Which allows only one packet per minute, otherwise the
alien_super rule will block you for 23+ hours. I would not do it
without that, as it would then really be a door to attacks.
One could very wel...
2024 Jul 04
4
Request for a Lockdown option
Jochen Bern <Jochen.Bern at binect.de> writes:
> (And since you mention "port knocking", I'd like to repeat how fond I
> am of upgrading that original concept to a single-packet
> crypto-armored implementation like fwknop.)
I am reluctantly considering to use some kind of port knocking mechanism
on some machines, however I really don't want to carry around shared
2024 Jul 14
2
Request for a Lockdown option
P.S.:
Steffen Nurpmeso wrote in
<20240707025234.j3oUaPFH at steffen%sdaoden.eu>:
|Steffen Nurpmeso wrote in
| <20240704180538.iV4uex29 at steffen%sdaoden.eu>:
||Simon Josefsson wrote in
|| <87jzi1fg24.fsf at kaka.sjd.se>:
|||Jochen Bern <Jochen.Bern at binect.de> writes:
|||> (And since you mention "port knocking", I'd like to repeat how fond I