Old 03-01-2004, 12:20 PM   #1
Registered: Nov 2003
Posts: 33

Rep: Reputation: 15
how to prevent Bogons ?


I am struggling to prevent the bogus list. I am getting the bogus mail in /var/spool/mail list. I don't know how to prevent the bogus list?

Kindly help me to prevent.

How to prevent the bogon network in the iptables ?

How to prevent Dos attack?

I am waiting for your reply. Thank you very much.

Old 03-01-2004, 12:28 PM   #2
Senior Member
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
List of bogon networks may be found right here. Note that they update their list as ARIN (and others) add and remove allocations.

PS, if someone tells him to just ignore bogons, I'll kick you in the groin. Ignoring spoofing and/or improper configurations is not the secure thing to do.

Last edited by chort; 03-01-2004 at 12:29 PM.
Old 03-01-2004, 12:37 PM   #3
Registered: Nov 2003
Posts: 33

Original Poster
Rep: Reputation: 15
solution needed


Please don't scold me. I don't know how to do.

Please give me proper solution.

Old 03-01-2004, 01:06 PM   #4
Senior Member
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
Don't worry, the last part wasn't directed at you, basbosco. Some people here give bad advice and tell newbies to just ignore bogons, which is wrong. What you're trying to do is correct.

The link I posted above (click on where it says "right here") goes to a list of bogon networks, but I posted the link to the main page so if you bookmark it, you'll have the right place. They update the list from time to time. If you want to just directly download the list, you can get it by clicking here. All that is left is to save that to a file and have netfilter/iptables load the file into its block list. You should apply the blocking rule to your Internet NIC, because all these IPs are spoofed if they try to come in from the Internet.

I know how to do this in OpenBSD with PF, but I do not recall how to do it with netfilter/iptables. Maybe someone that is more familiar with iptables can show you how.

Preventing DoS attacks is a lot harder. First off, you cannot prevent any attack that uses up all your bandwidth. Only your ISP (and their carrier) can help with that. For simple things like ping floods, SYN floods, etc., you can help a little. Turn on TCP SYN cookies to help with the possibility of a SYN flood. Also, you can add some rate limit options to iptables, but again I don't know the syntax for that, maybe someone else can help.
Old 03-01-2004, 04:53 PM   #5
Senior Member
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 48
See here...
Old 03-01-2004, 11:35 PM   #6
Senior Member
Registered: Dec 2003
Location: Shelbyville, TN, USA
Distribution: Fedora Core, CentOS
Posts: 1,019

Rep: Reputation: 45
If you download into a file called something like /etc/firewall/ip_spoof.list then you can put this in your firewall defs:

# Create the chain first so the rules below have a valid jump target.
iptables -N ip_spoof
iptables -A ip_spoof -j LOG --log-prefix IP_SPOOF
iptables -A ip_spoof -j DROP

# One rule per listed network, matched on the Internet-facing interface.
for ipaddr in `cat /etc/firewall/ip_spoof.list`
do
  iptables -A INPUT -s $ipaddr -i eth0 -j ip_spoof
  iptables -A FORWARD -s $ipaddr -i eth0 -j ip_spoof
done

This is what I have for my router/firewall, so you may not be able to use it verbatim.

Last edited by benjithegreat98; 03-01-2004 at 11:37 PM.
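
An added example, not part of any post in this thread: a loader for the approach discussed above that validates each list entry before it reaches iptables and rebuilds a dedicated chain, so entries removed from an updated bogon list stop being blocked. The chain names, the eth0 interface, the 5/min log limit and the sample entries are assumptions; the script only prints the commands for review.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: chains "bogons" and
# "ip_spoof", interface eth0. Commands are printed for review, never executed.

# is_cidr NET: succeed only for a.b.c.d/len (octets 0-255, len 0-32), so a
# corrupted list line can never reach the iptables command line.
is_cidr() {
    case "$1" in *[!0-9./]*|*/*/*) return 1 ;; */*) ;; *) return 1 ;; esac
    addr=${1%/*} len=${1#*/}
    case "$addr" in ''|.*|*.) return 1 ;; esac
    case "$len" in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] 2>/dev/null || return 1
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] 2>/dev/null || return 1
    done
}

# bogon_rules LIST IFACE: print commands that rebuild the bogon chain from
# LIST. Re-running after a list update flushes stale (de-bogoned) networks.
bogon_rules() {
    list=$1 iface=$2
    echo "iptables -N ip_spoof 2>/dev/null || iptables -F ip_spoof"
    # Rate-limit the LOG rule so a spoofed flood cannot fill the disk with logs.
    echo "iptables -A ip_spoof -m limit --limit 5/min -j LOG --log-prefix 'IP_SPOOF '"
    echo "iptables -A ip_spoof -j DROP"
    echo "iptables -N bogons 2>/dev/null || iptables -F bogons"
    while read -r net rest || [ -n "$net" ]; do
        case "$net" in ''|'#'*) continue ;; esac
        if is_cidr "$net"; then
            echo "iptables -A bogons -s $net -j ip_spoof"
        else
            echo "skipping malformed entry: $net" >&2
        fi
    done < "$list"
    for hook in INPUT FORWARD; do   # one jump per hook, added only if missing
        echo "iptables -C $hook -i $iface -j bogons 2>/dev/null ||" \
             "iptables -I $hook 1 -i $iface -j bogons"
    done
}

# Constructed sample list; the real list comes from the site linked in post #2.
sample=$(mktemp)
printf '%s\n' '# constructed sample' '10.0.0.0/8' '300.1.2.3/8' \
    '192.168.0.0/16 # RFC 1918' > "$sample"
bogon_rules "$sample" eth0
rm -f "$sample"
```

After reviewing the printed commands, they can be run as root; running the script again after each list download keeps the chain in step with the published list.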

