From: "supportnew@byethost.com" <supportnew@byethost.com>
To: netfilter@lists.netfilter.org
Subject: Re: ..prevention, was: syn DDoS attack solution
Date: Thu, 14 Jun 2007 16:13:45 -0400 [thread overview]
Message-ID: <4671A179.7060900@byethost.com> (raw)
In-Reply-To: <Pine.LNX.4.64.0706141541020.9595@darkstar.sysinfo.com>
R. DuFresne wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Wed, 13 Jun 2007, Martin McKeay wrote:
>
>> I'm not directly involved in the firewall for the corporation in my
>> current postion, but as the Security Manager at my last employer, one of
>> the things we did was set up a schedule of regular firewall reviews by a
>> committee consisting of the firewall admin, the network admin and
>> myself. We had a check list of the minimum requirements for the
>> firewalls, including the bogons and a final deny all rule. It was a
>> e-commerce software/hosting company, so we had over 30 firewalls we
>> managed. Our entire IT department, including myself and the IT Director
>> was 7 people, so you can guess this wasn't something people liked making
>> time for, but it saved us a more than once when someone had made a
>> mistake in the firewall configuration.
>>
>> I like the idea of an automatic update, but I think it's more important
>> to have regular peer review of the firewall configuration. It's worked
>> well for me in the past
>>
>
>
> That's kinda a lame cop-out for not wanting to update your online
> documentation and work up some scripts to accompany it. Such a review
> does not have to negate an automated function to deall with blocking
> bogon blocks nor spam controls. And automating such tasks is a good
> way to make sure rules and info are uptodate and currnet, even prior
> to a review.
>
>
> Thanks,
>
> Ron DuFresne
> - -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> admin & senior security consultant: sysinfo.com
> http://sysinfo.com
> Key fingerprint = 9401 4B13 B918 164C 647A E838 B2DF AFCC 94B0 6629
>
> ...We waste time looking for the perfect lover
> instead of creating the perfect love.
>
> -Tom Robbins <Still Life With Woodpecker>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.5 (GNU/Linux)
>
> iD8DBQFGcZp1st+vzJSwZikRAuv+AKDRGgGHaO010LFNxEqB5lYQoFzY4QCdEA4L
> 5QXNf/5/W6UUAyGLgH7O7+M=
> =uzzl
> -----END PGP SIGNATURE-----
>
>
Hi All,
For your info , the APF iptables firewall script has a bogon blocker ,
and also a cron mechanism to update the bogon list.
It also has some other excellent features such as
reactive address blocking (RAB), next generation in-line intrusion
prevention
packet flow rate limiting that prevents abuse on the most widely abused
protocol, icmp
dshield.org block list support to ban networks exhibiting suspicious
activity
advanced packet sanity checks to make sure traffic coming and going
meets the strictest of standards
filter attacks such as fragmented UDP, port zero floods, stuffed
routing, arp poisoning and more
configurable kernel hooks (ties) to harden the system further to
syn-flood attacks & routing abuses
I would suggest you have a look at the script.
Kev
next prev parent reply other threads:[~2007-06-14 20:13 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-05-31 16:19 syn DDoS attack solution Bgs
2007-05-31 19:57 ` R. DuFresne
2007-06-01 9:45 ` Bgs
2007-05-31 20:08 ` Ric Messier
2007-06-01 1:20 ` Tony.Ho
2007-06-01 9:44 ` Bgs
2007-06-01 15:01 ` Ric Messier
2007-06-01 15:37 ` Bgs
2007-06-02 19:07 ` R. DuFresne
2007-06-04 14:22 ` Ric Messier
2007-06-04 17:24 ` Martin McKeay
2007-06-04 23:16 ` R. DuFresne
2007-06-05 8:29 ` Bgs
2007-06-05 14:16 ` Steven M Campbell
2007-06-05 15:22 ` ..prevention, was: " Arnt Karlsen
2007-06-05 15:40 ` Steven M Campbell
2007-06-05 15:40 ` Steven M Campbell
2007-06-05 18:34 ` Arnt Karlsen
2007-06-07 18:41 ` Martin McKeay
2007-06-08 1:40 ` Arnt Karlsen
2007-06-12 18:10 ` Martin McKeay
2007-06-12 22:44 ` R. DuFresne
2007-06-13 14:24 ` Martin McKeay
2007-06-13 17:26 ` Arnt Karlsen
2007-06-13 17:44 ` Martin McKeay
2007-06-14 19:43 ` R. DuFresne
2007-06-14 20:13 ` supportnew [this message]
2007-06-01 21:34 ` Martijn Lievaart
2007-06-01 21:37 ` Martijn Lievaart
2007-06-01 21:38 ` Ric Messier
2007-06-01 23:09 ` Ethy H. Brito
2007-06-19 18:22 ` R. DuFresne
2007-06-19 22:19 ` Robert Nichols
2007-06-19 23:02 ` Pascal Hambourg
2007-06-21 18:26 ` R. DuFresne
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4671A179.7060900@byethost.com \
--to=supportnew@byethost.com \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.