[Dshield] Is it true that Linux users do not fear Viruses and Trojans (+ some vital questions)

Jens Knoell jens at ing.twinwave.net
Fri Oct 11 21:14:00 GMT 2002


From: "Manuel Lanctot" <pacu at sympatico.ca>
> On Thursday 10 October 2002 05:03 pm, John Draper wrote:
> > >1) Firewalls can fail to stop a determined intruder.
> >
> > You need an intrusion prevention system... some system that would link an
> > IDS into something that can "cut off" the attacker, and better backup
> > policy.
>
> That's the combo I use. Iptables blocks everything by default but since I have a
> website, it keeps the 80 port open. Then, the IDS watches this port for everything
> suspicious. If an alert is triggered, a new rule is added in iptables to block the offender.
> Physical firewalls excepted, IMO this is one of the best defense combos for a home server
> (and it's free).

Except that this in itself leaves you open for a DoS attack. Imagine someone
sending you forged "attack" packets which appear to come from, say, the root
nameservers and any local nameservers that might serve your connection...
poof, connection gone. Works like a charm against many many firewall+ids
combos out there.

Jens
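
Added example, not part of the original post or of any tool named in the thread: one way to guard an IDS-driven auto-blocker against the forged-source problem described above, by refusing to block resolvers and other allowlisted hosts, acting only on alerts seen inside an established TCP connection, and expiring blocks. The alert format, the addresses (documentation ranges) and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data (documentation address ranges), not from the post.
RESOLV_CONF = "nameserver 192.0.2.53\nnameserver 198.51.100.53\n"
EXTRA_NEVER_BLOCK = ["203.0.113.1/32"]   # e.g. the default gateway (assumed)
BLOCK_TTL = 600                          # seconds before a block is lifted


def never_block_nets(resolv_text, extra):
    """Networks the auto-blocker must never drop: resolvers plus extras."""
    nets = [ipaddress.ip_network(e) for e in extra]
    for line in resolv_text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            nets.append(ipaddress.ip_network(parts[1]))
    return nets


def decide(alert, nets, active, now):
    """Return (action, iptables_args) for one IDS alert.

    alert: dict with 'src' and 'established' (hypothetical fields).
    'established' is True only when the IDS matched inside a completed TCP
    handshake, which an off-path sender of forged packets generally cannot
    complete. active: dict mapping src -> expiry time of current blocks.
    """
    src = ipaddress.ip_address(alert["src"])
    if any(src in n for n in nets):
        return "skip-allowlisted", None
    if not alert["established"]:
        return "skip-unverified-source", None
    if active.get(str(src), 0) > now:
        return "already-blocked", None
    active[str(src)] = now + BLOCK_TTL
    return "block", ["iptables", "-I", "INPUT", "-s", str(src), "-j", "DROP"]


def expire(active, now):
    """Return delete commands for blocks whose TTL has passed."""
    done = [ip for ip, t in active.items() if t <= now]
    for ip in done:
        del active[ip]
    return [["iptables", "-D", "INPUT", "-s", ip, "-j", "DROP"] for ip in done]
```

The functions only return the iptables argument lists; running them is left to the caller so the decision logic can be tested without root.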



