12-27-2007, 08:57 PM
"Daniel B. Thurman"
On Securing the Linux system from intrusions and attacks.

John Summerfield and Tom Horsley wrote
>Subject: Re: [Fedora] Seeing input on Securing the Linux system from
>intrusions and attacks.
>Daniel B. Thurman wrote:
>> I have finally got my F8 setup and running so now I am reviewing the
>> security issues that needs to be taken into account.
>> [snip!]
>> Does anyone have any advice, links to great sites focused on security
>> and how to secure your Linux box against intrusions and attacks?
>What you need to do depends on what you're trying to protect.
> [snip!]


John: vpn, shorewall, don't use hosts.{allow,deny} because of iptables,
systems cannot be port-scanned, keep watching logs. Firewall to
control spam + use of "countermeasures" and manually add block.

Tom: ssh only. All other ports blocked(?).


Well, what am I trying to protect against? Well, some are
identified below, but not limited to these. I found via
iptraf some of the things I added to the list below:

1) General iptable schemes to otherwise block IPs, domains,
and general attacks such as those identified below. I am
not well-versed in the use of iptables which is why I use
firestarter at the moment and I haven't yet learned how to
use shorewall as advised by John.
2) SYN/FIN/RST/CAN combo attacks
I have seen an iptables "technique" to block various
forms/combinations of SYN/FIN/RST/CAN combos. I
cannot foresee the end-results of these attacks but it
causes me some consternation. I get reports daily
on these via my HW SonicWall firewall appliance and
have no idea what to do. All I see are MAC addresses as
"they" hide their source/destination OR are using
packet schemes I do not recognize. Are these harmful,
harmless, hog resources, or what? Beats me.
3) DDos/Spoof attacks
My ports are "hammered" at times causing resource hogs.
4) Foil Port-scanner intrusions (various schemes)
You can see "them", "walking the dog".
5) DNS attacks
"They" are attempting to update/modify table entries.
6) Sendmail Spams, viruses, ...
I am learning, trying to find ways to greylist, blacklist,
regex, pattern/keyword blocks, ... but I am not there yet.
As it is, it is very time consuming manually identifying
spammer's IP/domain names and adding them to the block
list. As it is, I get messages with [SPAM] marked and
yet I still have to deal with them (deleting them) instead
of not simply not wishing to receive them and some
find ways around spamassassin/clamav anyway.
7) Database attacks (MySql, PostgreSQL, ...)
"They" are probing for holes, trying brute-force password
cracking, and DDos attacks, or so it seems.
8) Website attacks (Apache, Tomcat, and others...)
The same as above (7) but with more tricks since there are a lot
of "doors" to attack. Yes, I am being vague in the interest of

Anyway, this is my "short" list that I am working on right now, so I
guess I have a lot of work to do.


fedora-list mailing list
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
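The malformed TCP flag combinations mentioned under item 2 are normally handled with iptables `--tcp-flags MASK COMP` rules. The following is an added example, not code from the original post or thread: it models that match in Python so a rule list can be checked against sample flag bytes before loading it, and it renders the equivalent iptables commands (the chain name TCPFLAGS and the short tags are assumptions for illustration).

```python
from typing import List, Optional

# Flag bits as they appear in the TCP header's flags byte.
TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04,
             "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
ALL = 0x3F

def flag_bits(spec: str) -> int:
    """Turn an iptables flag list such as 'SYN,FIN', 'ALL' or 'NONE' into a bitmask."""
    if spec == "ALL":
        return ALL
    if spec == "NONE":
        return 0
    return sum(TCP_FLAGS[name] for name in spec.split(","))

# (mask, compare, tag): a packet matches when (flags & mask) == compare,
# which is what netfilter's --tcp-flags test does. Tags are constructed here.
RULES = [
    ("ALL", "NONE", "null-scan"),          # no flags at all
    ("ALL", "ALL", "all-flags"),           # every flag set
    ("ALL", "FIN,PSH,URG", "xmas-scan"),   # exactly FIN+PSH+URG
    ("SYN,FIN", "SYN,FIN", "syn-fin"),     # never valid together
    ("SYN,RST", "SYN,RST", "syn-rst"),     # never valid together
    ("FIN,RST", "FIN,RST", "fin-rst"),     # never valid together
    ("FIN,ACK", "FIN", "fin-noack"),       # FIN scan: FIN without ACK
    ("PSH,ACK", "PSH", "psh-noack"),       # PSH without ACK
    ("URG,ACK", "URG", "urg-noack"),       # URG without ACK
]

def classify(flags: int) -> Optional[str]:
    """Return the tag of the first rule a packet's flag byte would hit, or None."""
    for mask, comp, tag in RULES:
        if flags & flag_bits(mask) == flag_bits(comp):
            return tag
    return None

def render_rules(chain: str = "TCPFLAGS") -> List[str]:
    """Emit the iptables commands: a rate-limited LOG line, then DROP, per rule."""
    lines = [f"iptables -N {chain}"]
    for mask, comp, tag in RULES:
        match = f"-p tcp --tcp-flags {mask} {comp}"
        lines.append(f"iptables -A {chain} {match} -m limit --limit 5/min "
                     f"-j LOG --log-prefix \"BADFLAGS {tag}: \"")
        lines.append(f"iptables -A {chain} {match} -j DROP")
    lines.append(f"iptables -A INPUT -p tcp -j {chain}")
    return lines

if __name__ == "__main__":
    for byte in (0x00, 0x02, 0x12, 0x03, 0x29, 0x01):   # constructed sample flag bytes
        print(f"{byte:#04x} -> {classify(byte)}")
    print("\n".join(render_rules()))
```

Normal handshake and data packets (SYN, SYN+ACK, PSH+ACK, FIN+ACK) fall through every rule, so the chain can sit in front of the rest of the INPUT policy without touching legitimate traffic.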
