LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 01-04-2005, 10:48 AM   #16
eantoranz
Senior Member
 
Registered: Apr 2003
Location: Costa Rica
Distribution: Kubuntu, Debian, Knoppix
Posts: 2,092
Blog Entries: 1

Rep: Reputation: 90

Sounds right. I stand corrected (or shall I say improved? ).
 
Old 01-04-2005, 11:23 PM   #17
nirav.jani
Member
 
Registered: Nov 2004
Location: Hyderabad, India
Distribution: Fedora Core - II, RedHat - 9
Posts: 45

Original Poster
Rep: Reputation: 15
I think that I got the best idea about what I asked in first post .
Anything remains still ?
thanx to all the active members
Nirav
 
Old 01-06-2005, 04:26 AM   #18
nirav.jani
Member
 
Registered: Nov 2004
Location: Hyderabad, India
Distribution: Fedora Core - II, RedHat - 9
Posts: 45

Original Poster
Rep: Reputation: 15
One more thing I would like to add here,

What about smurf denial of service attacks, if I am using a rule allowing ESTABLISHED or RELATED traffice.
Follow this link,

http://www.cert.org/advisories/CA-1998-01.html

From this artical I understand that allowing a ESTABLISHED or RELATED traffic of ICMP protocol to pass through the firewall on your pc may cause this SMURF attack.
is it so ? or my understanding is wrong

Nirav
 
Old 01-06-2005, 09:46 AM   #19
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
Depends on which part of the attack you're talking about. It consists of several parts: the malicious host(s), a number of "amplifiers" and the target host.

To prevent being used as a smurf amplifier, configure your system not to respond to pings sent to the broadcast IP address. The ESTABLISHED,RELATED rule should drop unsolicited ping packets used to start the attack. If you want to be extra carefull or if you need to allow ping then use:
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

If you are the target of a smurf attack, the ESTABLISHED,RELATED rule will again only drop icmp traffic that you initiate and drop all others. However with most flood-type DoS attacks, it becomes a matter of bandwidth vs bandwidth and if the attacker manages to leverage a large amount against you, then there isn't much you can do. In that case, the best option is to contact your ISP and have them filter the traffic at an upstream router or ideally have the amplifier network shutdown.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Strange Ping Issue - Can't ping localhost but can ping others on LAN code_slinger Linux - Networking 15 03-30-2015 02:39 PM
wlan problem - iwconfig looks good but can't ping koknat Linux - Wireless Networking 13 03-01-2005 07:16 PM
Can ping box to box thru router - good sign? toastermaker Linux - Networking 15 12-07-2003 12:00 AM
ping -f makes OpenBSD stop working ? markus1982 *BSD 2 05-25-2003 09:05 AM
Got good wirelesslink, cannot ping gateway bax Linux - Networking 0 01-13-2002 06:56 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 01:10 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration