LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 12-23-2015, 07:58 AM   #1
vincix
Senior Member
 
Registered: Feb 2011
Distribution: Ubuntu, Centos
Posts: 1,032

Rep: Reputation: 76
iptables scripts (with tcp flags)


Hi,

I'm interested in finding online resources where I can get some general practical advice about tcp-flags rules. Please don't point me to frozentux. I've read almost everything I needed to know. I'm interested in a site such as this one, http://www.k-state.edu/its/security/...pt_Handout.pdf of whose accuracy I'm not entirely sure.

I understand a few rules, such as rejecting new connections that don't have the syn flag set and so on, but I suppose there must be a set of general practical rules that apply to most scenarios that I can use or pick from.

Any ideas? Would the site I've linked to be roughly enough for what I'm looking for?

And please, don't start by telling me to read iptables tutorials before posting and crap like that, as I know many of you are used to doing I have read quite a lot, but oftentimes the most useful and basic pieces of information are almost nowhere to be found. I did search, but I wasn't able to find what I'm looking for. There's no point in coming up with my own rules (I'm talking only about general tcp-flags rules here), as they might have major flaws, when cleverer people have found out better solutions by now.
 
Old 12-23-2015, 04:31 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,409
Blog Entries: 55

Rep: Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582
Quote:
Originally Posted by vincix View Post
Hi,
Hello again.


You started out here and all was good. Actually your questions here make more sense because you actively discuss TCP flag specifics (regardless of how that discussion went down, OK, maybe that's what the "crap" part originates from, idk ;-p)

I don't agree with not writing your own rule set: we ("we" as in all of us who need to know TCP/IP Suite intricacies for work and pleasure) all need to go down that route of learning a lot. Mastering the stuff, show a good understanding of things, is done by expressing what you know in your own rule set.

For example when I started out with ipfwadm and ipchains I was concerned about TCP flags and such but nowadays I don't care that much anymore (OK, in the context of end point hardening), because the real threat isn't a Xmas or FIN scan (OK, there'll always be devices that can't cope) but due to better edge hardware / filtering, detection methods and mitigation techniques it's mostly application level (layer 7) or wetware (layer 8 ;-p) threats these days.


Quote:
Originally Posted by vincix View Post
Any ideas? Would the site I've linked to be roughly enough for what I'm looking for?
The old rule set in the PDF link you posted was a result of knowing ways scans could be performed. If you're interested in that why not do some reading of nmap docs on scan techniques? Or else, and I would really recommend it, is to find out more about TCP/IP itself first (like say www.tcpipguide.com) because things like the Three Way Handshake and the Five Way Teardown (and anomalies) are what makes things interesting?..
 
Old 12-30-2015, 01:44 AM   #3
vincix
Senior Member
 
Registered: Feb 2011
Distribution: Ubuntu, Centos
Posts: 1,032

Original Poster
Rep: Reputation: 76
I guess my wording wasn't as clever as I wanted it to be. I don't mean to say that I shouldn't write my own rules, but there are some, how should I say, common patterns that could help me.

I know the basics of TCP/IP. I finished CCNA. I guess I wanted more practical advice. Someone recommended using csf on linux servers, for instance, but said that on a linux router he'd use customised iptables. As far as I know, lots of integrated firewalls have integrated rules similar to those in my link (syn flood etc.) - I wrote this part before reading all your post, sorry

Since my post here I've also found this link https://www.sans.org/reading-room/wh...ues-defense-70.

The point is, I do want to learn as much as possible and understand whatever a firewall is doing even if I don't need to edit those default rules, but I'd also like to be practical about it. I don't want to start writing all sorts of tcp-flags rules every time I configure a server when they're automatically integrated in smart software. So I'd also like to focus my resources on something more practical. I know I'm a little bit ambiguous, but I guess I don't know how to approach the whole problem myself.

Anyway, I will have a look at your tcpguide, nonetheless. Might find some useful things.

Last edited by vincix; 12-30-2015 at 01:51 AM.
 
Old 12-30-2015, 04:24 PM   #4
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.10, Centos 7.5
Posts: 17,670

Rep: Reputation: 2487Reputation: 2487Reputation: 2487Reputation: 2487Reputation: 2487Reputation: 2487Reputation: 2487Reputation: 2487Reputation: 2487Reputation: 2487Reputation: 2487
W. Richard Stevens wrote some of the classics on this subject - see the home page http://www.kohala.com/start/
 
Old 12-31-2015, 09:46 AM   #5
vincix
Senior Member
 
Registered: Feb 2011
Distribution: Ubuntu, Centos
Posts: 1,032

Original Poster
Rep: Reputation: 76
Quote:
Originally Posted by chrism01 View Post
W. Richard Stevens wrote some of the classics on this subject - see the home page http://www.kohala.com/start/
Don't want to be mean, but I'm really not interested in spending $50 on a 20-year old book (the other two that deal with TCP are even older) that addresses IT. I'm not saying that the book is bad, and the fundamentals haven't changed I suppose, but even so, I'd prefer something more contemporary.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
iptables tcp flags scripts vincix Linux - Newbie 5 04-07-2015 10:41 AM
iptables question - tcp-flags kathys39 Linux - Security 4 03-05-2012 04:58 PM
Accessing TCP flags in TCP packets on Linux using C !! vishamr2000 Programming 2 10-16-2006 09:46 AM
TCP-Flags?? X11 Linux - Networking 1 04-09-2002 02:41 AM
--tcp-flags bbenz3 Linux - Networking 2 03-12-2002 04:07 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 01:38 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration