[Dshield] IP Chains.

Johannes B. Ullrich jullrich at euclidian.com
Wed Oct 17 19:40:29 GMT 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


The best way to do this is to use iptables instead of ipchains ;-).
ipchains does not track connections. But you can do a bit of filtering
using ipchains...

- refuse all packets that come in to ports < 1024
- refuse all TCP packets to ports > 1024 with SYN set.

It's not perfect. You are still open to stealth scans. But as long as you
have nothing listening anyway, this is fine. And the best defense is to
have nothing listening...

If it's a home system and you have time, you can just close and log
everything and open up things as you see the errors show up in your log
until all applications you need work.


On Wed, 17 Oct 2001, Donnie C. Moss wrote:

> All,
>
> Does anyone know how to set up an ipchains rule that will allow only
> established connections through?  My goal is to close all ports not used
> (even those greater than 1024) but still allow traffic through them as a
> response to a legitimate request.
>
> Donnie
>
>
> /------------------------\
> | Donnie Moss, CCNA, MCP |
> | Network Administrator  |
> | dcm at ugnet.org          |
> | http://www.ugnet.org   |
> \------------------------/
>
>
>
>
> _______________________________________________
> Dshield mailing list
> Dshield at dshield.org
> To change your subscription options (or unsubscribe), see: http://www1.dshield.org/mailman/listinfo/dshield
>

-- 
-------
jullrich at sans.org                    Join http://www.DShield.org
                          Distributed Intrusion Detection System

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE7zd6vVOIizK5pIDMRApIiAKDFwArMcQslYma1s6/KdkenJMVhHACgzcap
SvWN/3Gg+8z3FKo8qdm63I4=
=xK89
-----END PGP SIGNATURE-----
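The two stateless ipchains rules in the reply, and the "still open to stealth scans" caveat, are easier to see with a worked model. The block below is an added example, not code from the original post or from DShield: it models the two rules (deny everything to ports below 1024; deny TCP with SYN set, ACK and FIN clear, to the rest, i.e. what ipchains `-y` matches) as a first-match function, puts a toy connection tracker beside it standing in for the iptables `ESTABLISHED,RELATED` approach the reply recommends, and runs both over a constructed set of probes. The addresses, port numbers and the treatment of port 1024 itself (the reply says "< 1024" and "> 1024"; here 1024 falls under the second rule) are assumptions made for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """One inbound or outbound IPv4 packet, reduced to what the rules look at."""
    proto: str          # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False
    ack: bool = False
    fin: bool = False


def ipchains_verdict(pkt):
    """Stateless, first-match model of the two rules in the reply.

    Rule 1: refuse everything to ports < 1024.
    Rule 2: refuse TCP to the remaining ports when SYN is set and ACK and FIN
            are clear (what ipchains -y / --syn matches).
    Anything else falls through to ACCEPT.  Port 1024 is treated under rule 2
    (assumption; the reply's "< 1024" and "> 1024" leave it unstated).
    """
    if pkt.dport < 1024:
        return "DENY"
    if pkt.proto == "tcp" and pkt.syn and not pkt.ack and not pkt.fin:
        return "DENY"
    return "ACCEPT"


class StatefulFilter:
    """Toy connection tracker: accept inbound only if it answers a flow this
    host opened.  Stands in for iptables -m state --state ESTABLISHED,RELATED;
    real conntrack also checks sequence numbers and flow timeouts."""

    def __init__(self):
        self.flows = set()  # (local_ip, local_port, remote_ip, remote_port, proto)

    def outbound(self, pkt):
        self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto))

    def verdict(self, pkt):
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        return "ACCEPT" if key in self.flows else "DROP"


# Constructed addresses (RFC 5737 documentation ranges), not real hosts.
HOST, SCANNER, WEB = "192.0.2.10", "198.51.100.7", "203.0.113.80"


def run_probes():
    """Return {probe name: (ipchains verdict, stateful verdict)} for a set of
    constructed packets: SYN probes, ACK/FIN stealth probes, a UDP probe, and
    the SYN/ACK reply to a connection the host itself opened."""
    fw = StatefulFilter()
    fw.outbound(Packet("tcp", HOST, 33000, WEB, 80, syn=True))  # we browse to WEB:80
    probes = {
        "syn to 22 (low port)": Packet("tcp", SCANNER, 40000, HOST, 22, syn=True),
        "syn to 8080": Packet("tcp", SCANNER, 40001, HOST, 8080, syn=True),
        "ack scan to 8080": Packet("tcp", SCANNER, 40002, HOST, 8080, ack=True),
        "fin scan to 8080": Packet("tcp", SCANNER, 40003, HOST, 8080, fin=True),
        "udp to 8080": Packet("udp", SCANNER, 40004, HOST, 8080),
        "syn/ack reply from web server": Packet("tcp", WEB, 80, HOST, 33000, syn=True, ack=True),
    }
    return {name: (ipchains_verdict(p), fw.verdict(p)) for name, p in probes.items()}


if __name__ == "__main__":
    for name, (chains, stateful) in run_probes().items():
        print(f"{name:32} ipchains={chains:6} stateful={stateful}")
```

Both models let the legitimate SYN/ACK reply through and both refuse the SYN probes, which is why the ipchains rules are "fine as long as nothing is listening". The difference shows up on the ACK, FIN and UDP probes: the stateless rules cannot tell a scan from a reply, so they pass (an nmap ACK or FIN scan maps the filter, and a listener on a high port would answer), while the tracker drops them because no outbound flow matches.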
