search for: ipfwadm

I was wondering if anyone here has or knows how to implement ttysnoop w/ssh ?

..." options to log all connection attempts (ie. SYN bit set) to syslog (you need verbose firewall logging compiled into the kernel), and accept the packets in both directions for these connections. 2a) Example of a bi-directional service # SMTP mail traffic /bin/echo -n "SMTP/" /sbin/ipfwadm -O -a accept -P tcp -S ${ME} ${HI} -D ${ANY} 25 -y -o /sbin/ipfwadm -O -a accept -P tcp -S ${ME} ${HI} -D ${ANY} 25 /sbin/ipfwadm -I -a accept -P tcp -S ${ANY} 25 -D ${ME} ${HI} /sbin/ipfwadm -I -a accept -P tcp -S ${ANY} ${HI} -D ${ME} 25 -y -o /sbin/ipfwadm -I -a accept -P tcp -S ${ANY} ${HI} -D...

...39;t seen anything on here about this, so my apologies if maybe I missed it. >Date: Thu, 30 Jul 1998 08:37:27 -0400 >From: Alan Spicer <aspicer@ebiznet.com> >Organization: Electronic Business Network >X-Mailer: Mozilla 4.05 [en] (Win95; I) >To: aspicer@ebiznet.com >Subject: ipfwadm configuration utility > >http://www.redhat.com:8080/HyperNews/get/khg/55/3/1.html The HyperNews >Linux KHG Discussion Pages > > ipfwadm configuration utility > > Forum: The Linux Kernel Hackers' Guide > Re: Can you block or ign...

...ng is that in all examples shown so far it seemed that everyone suggested to leave named full-open. However, it does not always have to be case. Say, if you are running an private network then you want just to allow named get data transfers from trusted host and that is all. [root@eax /root]# cat ipfwadm-named #!/bin/sh #allow connection only from trusted named servers ME="1.2.3.4" # MY ip NS1="10.20.30.41" # IP of the primary name server NS2="10.20.30.42" # IP of the secondary name server NS3="10.20.30.43" # IP of the trietary na...

...x cyber.helix.org helix.org <--put your samba server here (Note: Neither of these entries is a real internet address!) If #2a is the problem, then post back. The following is just a description of an extreme means of finding information on a linux system, assuming you have already tried man ipfwadm and gotten no information. ipfwadm is a bit dated, but you are using on old version of redhat. I don't want to give you wrong information. I do have ipfwadm on my system, but don't use it. However, you can get information about this even if you have no documentation for it. Try, as root:...

I would like to allow certain types of ICMP traffic and not others. Is there a way, with ipfwadm do this? I currently either can deny access to ICMP for what I want or allow it. Any good examples out there? [mod: Please summarize in about a week, OK? -- REW] -- -- #include <std_disclaimer.h> Peter Kelly Email: pkelly@ETS.net PGP Public key: http://www.ets.net/pkelly/pgp.html Key...

...q but I have installed shorewall. This is content of I89tproxy.rul file: #!/bin/sh # # redirect http requests to non-local hosts to the transparent proxy # GPL 2.0 or later (C) 2004 Johannes Martin <jmartin@notamusica.com> # 1. do not redirect http requests to localhost case $MASQMETHOD in ipfwadm) $IPFWADM -I -a accept -P tcp -D localhost 80 ;; ipchains) $IPCHAINS -A input -p tcp -d localhost 80 -j ACCEPT ;; netfilter) $IPTABLES -A INPUT -p tcp -d localhost --dport 80 -j ACCEPT ;; esac # 2. do not redirect http request to hosts on the local network for i in $INTERNA...

...0/24 network. Each Windows workstation will automatically announce itself with a udp packet broadcast to 192.168.15.255 on port 137. So if your OS supports firewalling you can just write a deny rule for packets that meet those criteria. For instance, using Linux, I can write the following rule: ipfwadm -I -a deny -S 192.168.15.0/24 -D 192.168.15.255 137 -P udp which drops all packets destined for the udp netbios-ns port at 137. Of course, you could enable specific machines to be listed by adding additional rules above this one. If, for instance, you wanted the machine at 192.168.15.1 to appear...

Are there any known vulnerabilities in portmap (redhat''s portmap-4.0-7b)? I''ve been receiving a lot of attempts to access the portmap port on some linuxppc machines I administer by various machines which clearly have no business with mine, and I wonder if this is an attempt to break in to my machines. I''ve searched some archives, but I haven''t yet found any

...kpoint-1 and gauntlet. Can someone direct me to a good book or online doc that compares linux to some other firewall methods? Mind you, I''m not talking about a firewall in the classical sense, ie ip forwarding turned off and used as a proxy, but the typical Linux box with masquerading and ipfwadm rules, ipautofw, etc. vs. CheckPoint or whatever. What are the differences in features, security, control, administration, etc. [mod: Replies to Robert please. Robert, please summarize in a week -- REW] -- Robert Bringman, Systems Engineer mailto:rob@trion.com TRION Technologies, Inc...

I''ve kept this one on the back burner for a while, waiting for it to mature before attempting to use it, and now having seen OpenBSD ship with IPSec I''m getting a bit impatient =). What is the status of IPSec for Linux (and more specifically RedHat)? By this I mean I just did some www browsing/etc and found about a half dozen different implimentations, ranging from NRL, to a

On http://grc.com/default.htm I've found some bad news on the above service. It's true that if your windows network expose shared resources AND it is connect to Internet it can be bombed by hacker's attacks ? If yes, how to prevent it thru Linux-Samba ?

...hat it does =-=-=-=-=-=- Sentry monitors your systems for port probing activity and will then take any of the following actions: 1) Log the attacker hostname/IP and ports probed. 2) Run external program. 3) Configure routing table to drop route of attacking host. 4) Configure local packet filter (ipfwadm/ipfw) to drop all packets from attacking host. New Features in version 0.60 =-=-=-=-=-=-=-=-=-=-=-=-=-=- Full stealth scan detection and response ---------------------------------------- Sentry will now detect and respond to stealth scans against your host from advanced scanners such as nmap:...

Following Situation: Having an intranet-application that needs to know the ip-Address of the clients before running. Clients anywere in the Internet with any ip-address. So I thought about using masquerading the opposite way than normal. But then anybody could use this application. Dos anybody know how to make it a little bit more secure, like proofing the mac-address of the client, or something

-----BEGIN PGP SIGNED MESSAGE----- Hi everyone - Someone I''m working with has a requirement to map ethernet card addresses to unique IP addresses, and then have a Linux IP masquerade server know of this mapping list and not allow any data to pass from any ethernet card that a) it doesn''t know about, or b) isn''t assigned the right IP. Ideally it would also log this

...te" engine to track past host connections and alarm when a threshold of connections is past. - The ability to react to a port sweep in real time. Abacus Sentry will take any of the following actions when a port sweep is detected: - Add the target host to the local Linux filter list using ipfwadm. - Drop the route to the target host via the route command. - Add the target host to the local TCP wrappers hosts.deny file. - Execute an external program. - Fully log the attacking host IP and port numbers to syslog. - Uses essentially zero system resources when running. - It''s...

...the signature, and if everything checks out compares the time given in the message to the current system time. If the message is less than 20 mins old (somebody else may have Joe's current IP later on, but we must allow for inaccurate clocks and processing time) the server does something like: ipfwadm -I -a accept -D $SERVER_IP 139 -V $SERVER_IP -P tcp -S $IP_FROM_EMAIL and possibly alerts Joe User in some fashion to tell me that my request has been processed. Joe User then successfully sync's his clock with the server, maps his home directory to drive X: and plays with his favorite M$ pro...

I have a private lan that is connected to the world via 3 dsl lines. I put up a linux box that handles all the dsl lines, lan gateway and all is working well...until...one of the dsl lines goes down. My routing table is: x.x.x.x dev ppp0 proto kernel scope link src x.x.x.x x.x.x.x dev ppp1 proto kernel scope link src x.x.x.x x.x.x.x dev ppp2 proto kernel scope link src x.x.x.x

I''m in the process of locking down as much of my systems here as possible as to available ports. I am down to only a handful but am not sure how much of a security risk they pose and was wondering if anyone here might be able to comment, or suggest secure versions to run: 21/FTP (WU-ftpd v2.4.2 BETA 14) 22/SSH (1.22) 23/TELNET (Netkit 0.09) 25/SMTP (Sendmail

Hi, I want to configure CentOS on powerful server with gigabit adapters as transparent bridge and deploy it in front of server farm. Can you tell how to optimize the OS for hight packet processing? What configurations I need to do to achieve very hight speeds and thousands of packets? -------------- next part -------------- An HTML attachment was scrubbed... URL: