Linux - Newbie (LinuxQuestions.org forum): for members that are new to Linux.
I'm interested in finding online resources where I can get some general practical advice about tcp-flags rules. Please don't point me to frozentux. I've read almost everything I needed to know. I'm interested in a site such as this one, http://www.k-state.edu/its/security/...pt_Handout.pdf of whose accuracy I'm not entirely sure.
I understand a few rules, such as rejecting new connections that don't have the syn flag set and so on, but I suppose there must be a set of general practical rules that apply to most scenarios that I can use or pick from.
Any ideas? Would the site I've linked to be roughly enough for what I'm looking for?
And please, don't start by telling me to read iptables tutorials before posting and crap like that, as I know many of you are used to doing. I have read quite a lot, but oftentimes the most useful and basic pieces of information are almost nowhere to be found. I did search, but I wasn't able to find what I'm looking for. There's no point in coming up with my own rules (I'm talking only about general tcp-flags rules here), as they might have major flaws, when cleverer people have found out better solutions by now.
You started out here and all was good. Actually your questions here make more sense because you actively discuss TCP flag specifics (regardless of how that discussion went down, OK, maybe that's what the "crap" part originates from, idk ;-p)
I don't agree with not writing your own rule set: we ("we" as in all of us who need to know TCP/IP Suite intricacies for work and pleasure) all need to go down that route of learning a lot. Mastering the stuff, showing a good understanding of things, is done by expressing what you know in your own rule set.
For example when I started out with ipfwadm and ipchains I was concerned about TCP flags and such but nowadays I don't care that much anymore (OK, in the context of end point hardening), because the real threat isn't a Xmas or FIN scan (OK, there'll always be devices that can't cope) but due to better edge hardware / filtering, detection methods and mitigation techniques it's mostly application level (layer 7) or wetware (layer 8 ;-p) threats these days.
Quote:
Originally Posted by vincix
Any ideas? Would the site I've linked to be roughly enough for what I'm looking for?
The old rule set in the PDF link you posted was a result of knowing ways scans could be performed. If you're interested in that, why not do some reading of nmap docs on scan techniques? Or else, and I would really recommend it, find out more about TCP/IP itself first (like say www.tcpipguide.com), because things like the Three Way Handshake and the Five Way Teardown (and anomalies) are what makes things interesting.
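What both posts above turn on is the matching semantics of `--tcp-flags MASK COMP`: iptables looks only at the bits named in MASK and matches when exactly the bits in COMP (and no other masked bit) are set. The following is an added example, not code from this thread or from the handout vincix linked. It models that matching, runs a typical "TCP sanity" chain against the flag combinations nmap's scan types send (taken from the nmap documentation), and renders the same chain as iptables commands. The chain name `TCP_SANITY` and the exact rule list are assumptions about what such a chain usually contains, not any firewall's defaults; the conntrack state is stood in for by a plain argument.

```python
"""Model of iptables --tcp-flags MASK COMP matching against nmap scan probes.
Added example; TCP_SANITY and the RULES list are assumed, not from the thread."""

FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08,
         "ACK": 0x10, "URG": 0x20}
ALL = sum(FLAGS.values())  # iptables' ALL keyword: FIN,SYN,RST,PSH,ACK,URG


def flagset(spec):
    """'SYN,ACK' -> 0x12; 'ALL' -> 0x3f; 'NONE' -> 0 (iptables keyword spelling)."""
    if spec == "ALL":
        return ALL
    if spec == "NONE":
        return 0
    value = 0
    for name in spec.split(","):
        value |= FLAGS[name]
    return value


def tcp_flags_match(packet_flags, mask, comp):
    """iptables semantics: consider only the bits in MASK; match when exactly
    the bits in COMP are set among them. Bits outside MASK are ignored."""
    return (packet_flags & flagset(mask)) == flagset(comp)


# (rule name, MASK, COMP): each becomes '--tcp-flags MASK COMP -j DROP'.
# Assumed rule set; order matters only for which name classify() reports.
RULES = [
    ("null-scan",       "ALL",     "NONE"),         # no flags at all
    ("xmas-scan",       "ALL",     "FIN,PSH,URG"),  # exactly FIN+PSH+URG
    ("syn-fin",         "SYN,FIN", "SYN,FIN"),      # both set, any other bits
    ("syn-rst",         "SYN,RST", "SYN,RST"),
    ("fin-without-ack", "FIN,ACK", "FIN"),          # FIN set, ACK clear
    ("psh-without-ack", "PSH,ACK", "PSH"),
    ("urg-without-ack", "URG,ACK", "URG"),
]


def classify(flags_spec, state="NEW"):
    """Walk the chain in order; return the first dropping rule's name, or
    'accept'. `state` stands in for conntrack --ctstate (NEW = no entry)."""
    flags = flagset(flags_spec)
    for name, mask, comp in RULES:
        if tcp_flags_match(flags, mask, comp):
            return name
    # '! --syn -m conntrack --ctstate NEW': --syn is shorthand for
    # '--tcp-flags SYN,RST,ACK,FIN SYN', i.e. a bare SYN opens a connection.
    syn_only = tcp_flags_match(flags, "SYN,RST,ACK,FIN", "SYN")
    if state == "NEW" and not syn_only:
        return "new-without-syn"
    return "accept"


def iptables_rules(chain="TCP_SANITY"):
    """Render the modelled chain as iptables commands (chain name assumed)."""
    lines = [f"iptables -N {chain}"]
    for _name, mask, comp in RULES:
        lines.append(f"iptables -A {chain} -p tcp --tcp-flags {mask} {comp} -j DROP")
    lines.append(f"iptables -A {chain} -p tcp ! --syn -m conntrack --ctstate NEW -j DROP")
    lines.append(f"iptables -A INPUT -p tcp -j {chain}")
    return lines


# Constructed probes: the flag combination each nmap scan type sends.
# An unsolicited probe has no conntrack entry, so its state is NEW.
NMAP_PROBES = {
    "-sS SYN scan":    "SYN",
    "-sN NULL scan":   "NONE",
    "-sF FIN scan":    "FIN",
    "-sX Xmas scan":   "FIN,PSH,URG",
    "-sA ACK scan":    "ACK",
    "-sM Maimon scan": "FIN,ACK",
}

if __name__ == "__main__":
    for line in iptables_rules():
        print(line)
    print()
    for scan, flags in NMAP_PROBES.items():
        print(f"{scan:16} flags={flags:12} -> {classify(flags)}")
    # a data segment on an already tracked connection falls through
    print(f"{'established':16} flags={'PSH,ACK':12} -> "
          f"{classify('PSH,ACK', state='ESTABLISHED')}")
```

Two things the run makes visible. First, the pure `--tcp-flags` rules only catch probes that are malformed by TCP's own rules (NULL, Xmas, FIN-only, SYN+FIN); an ACK scan or Maimon scan looks like a mid-stream segment and is only stopped by the conntrack-backed `! --syn` NEW rule. Second, a plain SYN scan is indistinguishable from a legitimate connection attempt at this layer, which is unSpawn's point: these rules are cheap hygiene, not protection against a SYN flood or anything above layer 4. Note also the MASK difference: `--tcp-flags SYN,FIN SYN,FIN` drops any packet with both bits set whatever else is on, while `--tcp-flags ALL SYN,FIN` only drops the exact combination.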
I guess my wording wasn't as clever as I wanted it to be. I don't mean to say that I shouldn't write my own rules, but there are some, how should I say, common patterns that could help me.
I know the basics of TCP/IP. I finished CCNA. I guess I wanted more practical advice. Someone recommended using csf on linux servers, for instance, but said that on a linux router he'd use customised iptables. As far as I know, lots of integrated firewalls have integrated rules similar to those in my link (syn flood etc.) - I wrote this part before reading all of your post, sorry.
The point is, I do want to learn as much as possible and understand whatever a firewall is doing even if I don't need to edit those default rules, but I'd also like to be practical about it. I don't want to start writing all sorts of tcp-flags rules every time I configure a server when they're automatically integrated in smart software. So I'd also like to focus my resources on something more practical. I know I'm a little bit ambiguous, but I guess I don't know how to approach the whole problem myself.
Anyway, I will have a look at your tcpguide, nonetheless. Might find some useful things.
Don't want to be mean, but I'm really not interested in spending $50 on a 20-year old book (the other two that deal with TCP are even older) that addresses IT. I'm not saying that the book is bad, and the fundamentals haven't changed I suppose, but even so, I'd prefer something more contemporary.