Hi, I've almost finished the firewall (for a laboratory) and I would like to know what you think about my solution:
* to protect against syn-flooding: echo 1 > /proc/sys/net/ipv4/tcp_syncookies
* to protect against smurf amplification: echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
* to protect against spoofing: I'm doing tests on source and destination
* to protect against ping of DEATH: $IPTABLES --append FORWARD -p icmp --icmp-type echo-request --match limit --limit 1/s --jump ACCEPT
* to protect against UDP flooding: I don't know yet. I heard about UDP flood with chargen(19) and echo(7), must I forbid these ports??
* to protect against TCP session hijacking, ARP spoofing, DNS spoofing and cache poisoning ... I think this is not the job for the firewall ... isn't it?
* to protect against tiny fragments and fragment overlapping: nothing yet... the only thing I know is that I can't forbid incoming fragment packets... is there a solution against these 2 attacks?
* to protect against all other attacks: nothing yet...

Last thing: I heard of an attack on port 0 with UDP. Can I forbid this port? What is port 0? Is it true?

Too many questions ... sorry :)

1000 times thanks
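A way to check the first, second and fourth items of the list above on a running box, as an added example that is not part of the original post. The `limit` match only decides which packets hit the ACCEPT rule, so packets over 1/s fall through to whatever comes next; the second function checks that something actually drops them. The function names are hypothetical and the sample ruleset is constructed.

```shell
#!/bin/sh
# Added example: audit the settings named in the post.

# check_sysctl ROOT KEY -> ok | off | missing
# ROOT is normally /proc/sys; it is a parameter so the check can be tested.
check_sysctl() {
    f="$1/net/ipv4/$2"
    [ -r "$f" ] || { echo missing; return 0; }
    [ "$(cat "$f")" = "1" ] && echo ok || echo off
}

# check_ping_limit: reads iptables-save output on stdin and reports whether
# the echo-request rate limit in FORWARD is enforced, i.e. whether packets
# over the limit meet a later DROP/REJECT rule or a DROP chain policy.
check_ping_limit() {
    awk '
    /^:FORWARD / { policy = $2 }
    /^-A FORWARD / && /--icmp-type (8|echo-request)/ {
        if ($0 ~ /-m limit/ && $0 ~ /-j ACCEPT/) limited = 1
        else if (limited && $0 ~ /-j (DROP|REJECT)/) dropped = 1
    }
    END {
        if (!limited) print "no-limit-rule"
        else if (dropped || policy == "DROP") print "enforced"
        else print "not-enforced"
    }'
}

# Constructed sample (iptables-save format): the rule from the post on a
# FORWARD chain whose policy is ACCEPT and with no DROP rule after it.
SAMPLE=':FORWARD ACCEPT [0:0]
-A FORWARD -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j ACCEPT'

for key in tcp_syncookies icmp_echo_ignore_broadcasts; do
    echo "$key: $(check_sysctl /proc/sys "$key")"
done
echo "ping limit (sample): $(printf '%s\n' "$SAMPLE" | check_ping_limit)"
```

On a live firewall, pipe the real ruleset in instead of the sample: `iptables-save | check_ping_limit`.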