linux-admin.vger.kernel.org archive mirror
* How to configure iptables to block a land attack?
@ 2003-03-14 21:34 Sadanapalli, Pradeep Kumar (MED, TCS)
  2003-03-15 14:25 ` terry white
  2003-03-17  9:18 ` Ben Clewett
  0 siblings, 2 replies; 7+ messages in thread
From: Sadanapalli, Pradeep Kumar (MED, TCS) @ 2003-03-14 21:34 UTC (permalink / raw)
  To: linux-admin

Hi Friends,
Can anyone tell me how I should configure my IPTABLES Firewall to block
a LAND ATTACK?
I am new to firewalling. I am running RedHat Linux 8.0 and iptables.

Can anyone send me a standard iptables configuration for all the common
attacks?
I would like to know what are all the common attacks and explanation
about them.
Can you direct me to some good link where I can find information on this
topic?

Thanks and Regards,
Pradeep



-----Original Message-----
From: terry white [mailto:twhite@aniota.com]
Sent: Friday, March 14, 2003 2:18 AM
To: linux-admin
Subject: RE: how to minimize/maximize/restore an open window in linux
...


on "3-13-2003" "Sadanapalli, Pradeep Kumar (MED, TCS)" writ:

: I am using RedHat linux 8.0 . I am running KDE .

... that is the install i'm running on one of my machines.

    i just checked, and when a window is open, 'left' click on the '-' at
the "top right" of that window, and it disappears into a 'pane' at the
bottom of the desktop.  'left' click that, and it reappears ...


-- 
... i'm a man, but i can change,
    if i have to , i guess ...

-
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html


* Re: How to configure iptables to block a land attack?
  2003-03-14 21:34 How to configure iptables to block a land attack? Sadanapalli, Pradeep Kumar (MED, TCS)
@ 2003-03-15 14:25 ` terry white
  2003-03-17  9:18 ` Ben Clewett
  1 sibling, 0 replies; 7+ messages in thread
From: terry white @ 2003-03-15 14:25 UTC (permalink / raw)
  To: linux-admin

on "3-14-2003" "Sadanapalli, Pradeep Kumar (MED, TCS)" writ:

: I would like to know what are all the common attacks and explanation
: about them.

... first:

   let me suggest one of the security related lists at
'securityfocus.com'.  the kind of information you're after is beyond the
domain of this list, as it's a study unto itself.

    i would suggest you take a look at "http://www.bastille-linux.org"
for 'bastille-linux'.  it's an automated firewall configuration package
that includes a worthwhile tutorial.

    it is important to understand that the services you run are a major
contributor to security, or its lack ...


-- 
... i'm a man, but i can change,
    if i have to , i guess ...



* Re: How to configure iptables to block a land attack?
@ 2003-03-15 17:43 Tace  
  2003-03-15 18:40 ` terry white
  2003-03-15 19:42 ` Glynn Clements
  0 siblings, 2 replies; 7+ messages in thread
From: Tace   @ 2003-03-15 17:43 UTC (permalink / raw)
  To: linux-admin, Sadanapalli, Pradeep Kumar (MED, TCS)

Hi,

http://www.linux-firewall-tools.com/linux/

Try this link or use Google.com to search

Land Attack is when a spoofed packet with its source and dest. address
set to ur localhost addr (127.0.0.1) is sent to u via ext. interface
(someone correct me if i am wrong :) )

Just configure ur iptables to reject packets from interfaces with
source addr = 127.0.0.1 and dest addr = 127.0.0.1

Tace

---
Consciousness: 
   that annoying time between naps
The only cure for insomnia is:
   to get more sleep



* Re: How to configure iptables to block a land attack?
  2003-03-15 17:43 Tace  
@ 2003-03-15 18:40 ` terry white
  2003-03-15 19:42 ` Glynn Clements
  1 sibling, 0 replies; 7+ messages in thread
From: terry white @ 2003-03-15 18:40 UTC (permalink / raw)
  To: Tace; +Cc: linux-admin, Sadanapalli, Pradeep Kumar (MED, TCS)

... shamelessly stolen: (courtesy google)

   Description: Sending a packet to a machine with the source host/port
   the same as the destination host/port crashes a lot of boxes.
   Author: m3lt <meltman@LAGGED.NET>
   Compromise: Remote DOS attack (reboots many systems)
   Vulnerable Systems: Windows95, Windows NT 4.0, WfWG 3.11, FreeBSD
   Date: 20 November 1997

on "3-16-2003" "Tace  " writ:

: Land Attack is when a spoofed packet with its source and dest. address
: set to ur localhost addr (127.0.0.1) is sent to u via ext. interface
: (someone correct me if i am wrong :) )


    my ipaddr is 206.124.156.178.  given the above.  the "land attack"
would set 'source' and 'destination' addresses to "206.124.156.178", with
identical port numbers.

    127.0.0.1 is defined as 'localhost' and won't route.


: Just configure ur iptables to reject packets from interfaces with
: source addr = 127.0.0.1 and dest addr = 127.0.0.1

    could be wrong, but i doubt a packet with the localhost ip is going
to see any such interface ...


-- 
... i'm a man, but i can change,
    if i have to , i guess ...



* Re: How to configure iptables to block a land attack?
  2003-03-15 17:43 Tace  
  2003-03-15 18:40 ` terry white
@ 2003-03-15 19:42 ` Glynn Clements
  1 sibling, 0 replies; 7+ messages in thread
From: Glynn Clements @ 2003-03-15 19:42 UTC (permalink / raw)
  To: linux-admin


Tace   wrote:

> Just configure ur iptables to reject packets from interfaces with
> source addr = 127.0.0.1 and dest addr = 127.0.0.1

More generally, source and destination addresses should match the
interface; in most cases:

1. 127.x.x.x shouldn't occur as either the source or destination
address for any interface other than loopback.

2. Packets with one of your IP addresses as the destination address
shouldn't be sent to any interface except loopback, and packets with
one of your IP addresses as the source address shouldn't be received
from any interface except loopback.

3. Private IP addresses (e.g. 192.168.x.x) shouldn't occur as either
the source or destination address for an external (e.g. dial-up)
interface.

4. Routable local IP addresses shouldn't occur as the destination
address for any packet sent to an external (e.g. dial-up) interface,
and shouldn't occur as the source address for any packet received from
an external interface.

-- 
Glynn Clements <glynn.clements@virgin.net>


* Re: How to configure iptables to block a land attack?
  2003-03-14 21:34 How to configure iptables to block a land attack? Sadanapalli, Pradeep Kumar (MED, TCS)
  2003-03-15 14:25 ` terry white
@ 2003-03-17  9:18 ` Ben Clewett
  1 sibling, 0 replies; 7+ messages in thread
From: Ben Clewett @ 2003-03-17  9:18 UTC (permalink / raw)
  To: Sadanapalli, Pradeep Kumar (MED, TCS); +Cc: linux-admin

Asking for a 'standard iptables configuration for all the common 
attacks' is asking for a lot!!!

There are many ways of setting up a firewall, and you have to take into 
account how it will work.  Including DNS, Email, NAT, NAPT, Routing 
protocols, ICMP options, DMZs etc...

Also it depends what you have compiled into your kernel for what options 
are available to you.  A 'standard' set may fail because of this and 
leave you unwittingly vulnerable!  Compiling everything there is into 
your kernel is not the correct answer here.

Even worse, there are considerations of load, logging, QoS...

Maybe you want a VPN as well, or backup routes when primary fails...

For instance my 'standard' set, which has taken me six months to 
produce, has nearly 1000 rules, thirty or so flags, very complex 
logging, QoS, VPN support, using MySQL to post-store and analyse the logs...

I started by reading 'Linux Firewalls' (second edition) from Ziegler, 
New Riders.  This has a selection of common iptables setups you can copy 
and edit the way you want...

Alternatively, use something like SuSE or Redhat which has its own 
'standard set' built in. :)

Good luck...

Ben


* RE: How to configure iptables to block a land attack?
@ 2003-03-17 21:37 Sadanapalli, Pradeep Kumar (MED, TCS)
  0 siblings, 0 replies; 7+ messages in thread
From: Sadanapalli, Pradeep Kumar (MED, TCS) @ 2003-03-17 21:37 UTC (permalink / raw)
  To: linux-admin

Thanks a lot to you all for your responses. The information you all
provided really helped me a lot. Now I have one more issue.

I am not using Statically Linked IP Address. I am using DHCP for
configuring my network.
In that case, how should I configure my firewall (iptables) to block Land
Attack?

If it was a statically linked IP address, and if my IP address was
203.116.14.1 (say),
then I can use
	iptables -A INPUT -s 203.116.14.1 -d 203.116.14.1 -j DROP

but for DHCP configuration, how should I do this?
Please help me.

Thanks,
Pradeep
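
Added example (not part of the thread, and not code from any poster): one way to apply Glynn Clements' interface checks 1 to 3 to inbound traffic when the address comes from DHCP, by rebuilding a dedicated chain each time the lease changes. The chain name ANTISPOOF, the IPT dry-run variable, the function names, and the sample interface and address are assumptions, as is having the DHCP client call antispoof_rules with the new address on every lease change.

```shell
#!/bin/sh
# Added example, not from the thread. ANTISPOOF is a hypothetical chain
# name; eth0 and 203.116.14.1 are sample values.
# Set IPT="echo iptables" to print the commands instead of running them.

is_ipv4() {
    # Accept only a dotted quad, so a bad lease value never reaches iptables.
    case $1 in
        *[!0-9.]*|*..*|.*|*.|'') return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

is_private() {
    case $1 in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

antispoof_rules() {
    iface=$1 addr=$2 ipt=${IPT:-iptables}
    is_ipv4 "$addr" || { echo "bad address: $addr" >&2; return 1; }
    # Dedicated chain, flushed and refilled on every lease change, so the
    # previous address never lingers in the rule set.
    $ipt -N ANTISPOOF 2>/dev/null || true
    $ipt -F ANTISPOOF
    # Check 1: loopback addresses never belong on a non-loopback interface.
    $ipt -A ANTISPOOF -s 127.0.0.0/8 -j DROP
    $ipt -A ANTISPOOF -d 127.0.0.0/8 -j DROP
    # Check 2: our own address as source, arriving from outside. A LAND
    # packet (source = destination = our address) is caught here.
    $ipt -A ANTISPOOF -s "$addr" -j DROP
    # Check 3: private sources, skipped when the lease itself is private
    # (the interface is then not external and this would cut off the LAN).
    if ! is_private "$addr"; then
        for net in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do
            $ipt -A ANTISPOOF -s "$net" -j DROP
        done
    fi
    # Hook the chain into INPUT exactly once for this interface.
    $ipt -D INPUT -i "$iface" -j ANTISPOOF 2>/dev/null || true
    $ipt -I INPUT 1 -i "$iface" -j ANTISPOOF
}

# Dry run with constructed values: prints the commands only.
IPT="echo iptables"
antispoof_rules eth0 203.116.14.1
```

Leave IPT unset and run as root to load the rules; the outbound halves of the checks (OUTPUT/FORWARD) are not covered here.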


