LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 03-01-2004, 11:20 AM   #1
basbosco
Member
 
Registered: Nov 2003
Posts: 33

Rep: Reputation: 15
Thumbs up how to prevent Bogons ?


HI

I am struggling to prevent the bogus list ..I am getting teh bogus mail in /var/spool/mail list.. I don'nt know how to prevent the bogus list?

Kindly help me to prevent ..

How to prevent the bogon network in the iptables ?

How to prevent Dos attack?

I am waiting for ur reply. Thank u very much.

Regards
Basbosco
 
Old 03-01-2004, 11:28 AM   #2
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
List of bogon networks may be found right here. Note that they update their list as ARIN (and others) add and remove allocations.

PS, if someone tells him to just ignore bogons, I'll kick you in the groin. Ignoring spoofing and/or improper configurations is not the secure thing to do.

Last edited by chort; 03-01-2004 at 11:29 AM.
 
Old 03-01-2004, 11:37 AM   #3
basbosco
Member
 
Registered: Nov 2003
Posts: 33

Original Poster
Rep: Reputation: 15
solution needed

Hi

please don't scold me .. I don't know how to do.

Please give me proper solution .


Regards
Basbosco
 
Old 03-01-2004, 12:06 PM   #4
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
Don't worry, the last part wasn't directed at you, basbosco. Some people here give bad advice and tell newbies to just ignore bogons, which is wrong. What you're trying to do is correct.

The link I posted above (click on where it says "right here") goes to a list of bogon networks, but I posted the link to the main page so if you bookmark it, you'll have the right place. They update the list from time to time. If you want to just directly download the list, you can get it by clicking here. All that is left is to save that to a file and have netfilter/iptables load the file into it's block list. You should apply the blocking rule to your Internet NIC, because all these IPs are spoofed if they try to come in from the Internet.

I know how to do this in OpenBSD with PF, but I do not recall how to do it with netfilter/iptables. Maybe someone that is more familiar with iptables can show you how.

Preventing DoS attacks is a lot harder. First off, you cannot prevent any attack that uses up all your bandwidth. Only your ISP (and their carrier) can help with that. For simple things like ping floods, SYN floods, etc you can help a little. Turn on TCP SYN cookies to help with the possibility of a SYN flood. Also, you can add some rate limit options to iptables, but again I don't know the syntax for that, maybe someone else can help.
 
Old 03-01-2004, 03:53 PM   #5
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 47
See here... http://www.linuxquestions.org/questi...hreadid=128351
 
Old 03-01-2004, 10:35 PM   #6
benjithegreat98
Senior Member
 
Registered: Dec 2003
Location: Shelbyville, TN, USA
Distribution: Fedora Core, CentOS
Posts: 1,019

Rep: Reputation: 45
if you download http://www.cymru.com/Documents/bogon-bn-agg.txt into a file called something like /etc/firewall/ip_spoof.list then you can put this in your firewall defs

Code:
for ipaddr in `cat /etc/firewall/ip_spoof.list`
do
  iptables -A INPUT -s $ipaddr -i eth0 -j ip_spoof
  iptables -A FORWARD -s $ipaddr -i eth0 -j ip_spoof
done

iptables -N ip_spoof
iptables -A ip_spoof -j LOG --log-prefix IP_SPOOF
iptables -A ip_spoof -j DROP
this is what I have for my router/firewall so you may not be able to use it verbatim.

Last edited by benjithegreat98; 03-01-2004 at 10:37 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
how to unDROP ex-bogons in iptables ciscohead Linux - Networking 8 12-20-2004 12:30 PM
How to prevent the bogons? basbosco Linux - Security 1 03-01-2004 02:22 PM
iptables prevent some allow some john8675309 Linux - Software 6 02-02-2004 10:38 AM
How to prevent users from --> Drogo Linux - Software 7 01-31-2004 11:03 PM
prevent an IP to get out? jimval7 Linux - Security 16 05-09-2003 09:58 AM


All times are GMT -5. The time now is 08:15 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration