Re: [Haifux] A suggestion for a lecture - How to protect your network, using IPtables.
Hello Adir. As you may recall, I gave a lecture about iptables, which covered both masquerading and some basic firewalling. But it seems like iptables is a very popular topic: The knockout winner of google searches, that bring people to my site, is exactly iptables and masquerading (since I keep my lecture slides there as well). So obviously, there is a demand. And yes, I treated firewalling as a side issue in my lecture. After all, we trust our fellow internet users, don't we? ;) Do have a look on my slides. You may find the sketches useful. It seems to me that those who are with Haifux for a long time will not be so interested, while the Staying-in-Linux audience can find it very useful. Besides, that's your chance to get a slot before May. ;) And what I see happening is that we get two tracks of lectures: One for experts and one for newbies. I think this is a great thing. Maybe we should make this official. Eli -- Web: http://www.billauer.co.il -- Haifa Linux Club Mailing List (http://www.haifux.org) To unsub send an empty message to [EMAIL PROTECTED]
Re: [Haifux] A suggestion for a lecture - How to protect your network, using IPtables.
Hi Eli, On Sun, 18 Jan 2004, Eli Billauer wrote: As you may recall, I gave a lecture about iptables, which covered both masquerading and some basic firewalling. But it seems like iptables is a Yes, I remember that. And yes, I treated firewalling as a side issue in my lecture. After all, we trust our fellow internet users, don't we? ;) Ofcourse we do ;) Firewalling is not going to be a side issue of my lecture. I will focus more on the filter options part of IPTables, actually. Do have a look on my slides. You may find the sketches useful. I just had a look. Your slides are very good and I remember them. What I plan to talk about is in totally different view. First of all - I am not going to mention NAT, neither mangling at all. I won't talk about masquerading but I'll focus on filtering, giving a wide introcution regarding the logic behind IPtables, I'll describe useful commands and give examples as well. At the 2nd part, I wish to describe some attacks scenarios and how to defend against them using IPtables. I'll also want to describe the concepts of building a firewall, using IPtables. I hope that there are people who like chains, in addition to traditional code :) It seems to me that those who are with Haifux for a long time will not be so interested, while the Staying-in-Linux audience can find it very useful. Besides, that's your chance to get a slot before May. ;) Maybe. I'm not sure who wants to hear about it and who doesn't. It's actually a very relevant Linux subject which I believe that even the veteran users (who wish to know better what IPtables is) will be glad to hear about (Google proves my point ;). As for slotting it before May - I'm afraid that I won't have time to start working on it before March (exams, etc), so starting to work on it afterwards, while getting scehduled in the end of May, is great for me. Otherwise - I would have considered to give it earlier. And what I see happening is that we get two tracks of lectures: One for experts and one for newbies. I think this is a great thing. Maybe we should make this official. Maybe. It sounds like a good idea. Anyway, regarding my lecture(s), if I split it to two, naturally there will be a basic lecture and a more advanced one. I'll be glad to give both as regular lectures and see later where and how it fits to a SiL series (of next year). Best regards. -- Adir Abraham Technion's Advisors Group and Public PC Farms Manager [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] Haifa, Israel ICQ# 1841481 Cel# +972-53-243438, +972-55-481245 KeyID: 0xD8DC85C7 Fingerprint: 138D 8F41 7A06 44A0 3DBB 9DC3 FE8B 2658 -BEGIN PGP PUBLIC KEY BLOCK- Version: PGPfreeware 7.0.3 for non-commercial use http://www.pgp.com mQEPAzLax/sAAAEIAK2bI8utornDYd5LdU+/TABNmqXneiXuLx4j8OKD2GjfS/O8 E6nrX69ot4uU5ryjp5h+7VHBZqCQz+8VC8ly2ANtycejAc82gllVC96fbA+Y6uuN uI9aXkwNqhphmmQZIVaOZDRAo9//1zX9r41xY+8rKSQuNcp+FPD/A5Itng0xhsfS KkCV4tT0mGpiydUHFrugk/bouXPYwUHXSnHp/mPdGsjgqipezHPzCWIn3xcJjk2/ tjd5/ym+arWpKW5nvTuvalcMi2DIcEilSrT5NLwgeuh3eqitYOc9WTiMNMvUiVcP sucJkdxNwjEX9MgD/bLY9wT/13brqxk71tjchccAEQEAAbQnQWRpciBBYnJhaGFt IDxhZGlyQHZpcGUudGVjaG5pb24uYWMuaWw+iQEVAwUQMtrH+6sZO9bY3IXHAQGb 0gf9FwrJBKaTP0yvf3+vwtB+9ftS0woz1TawJwflC5EoHJs7D/5GzkAaRV82RSkH P9fSHmM+LUB0huBBK1qtNyXHWIjQTmYwFYC8Oen4q0Fyze7cloSnpD1rVjI0HoCO UU8bbz0Iseizdjhnl2PTItQ+dkKzLcww1jW5iPXOWd1o8/8s2aebhrpDRO8BfAYg H29jhmDtuVQDPgFfkN/kP+xpHQplMN5Qh1oP22f+Wyg8sVvSv8P7cM+88u46FHi3 zvHpVnZKIBtKhksnH1PYXtz7FvS7vA+MbpM47kgmQGL5Ygig0pUUbBCGlzmg2Hvd 262YCdVYNwpIjQWBLJI8orea0Q== =dgNP -END PGP PUBLIC KEY BLOCK- -- Haifa Linux Club Mailing List (http://www.haifux.org) To unsub send an empty message to [EMAIL PROTECTED]
Re: [Haifux] A suggestion for a lecture - How to protect your network, using IPtables.
On Sun, 18 Jan 2004, Eli Billauer wrote: Hello Adir. As you may recall, I gave a lecture about iptables, which covered both masquerading and some basic firewalling. But it seems like iptables is a very popular topic: The knockout winner of google searches, that bring people to my site, is exactly iptables and masquerading (since I keep my lecture slides there as well). So obviously, there is a demand. And yes, I treated firewalling as a side issue in my lecture. After all, we trust our fellow internet users, don't we? ;) Do have a look on my slides. You may find the sketches useful. It seems to me that those who are with Haifux for a long time will not be so interested, while the Staying-in-Linux audience can find it very useful. Besides, that's your chance to get a slot before May. ;) And what I see happening is that we get two tracks of lectures: One for experts and one for newbies. I think this is a great thing. Maybe we should make this official. Eli I agree with Eli on this point. I think this is a great lecture for SIL, but Eli's lecture was given not so long ago, and I feel there is a bit more to GNU and Linux than repeating topics in such a small time interval. Adir, If March (the next SIL slot) is too soon, we can schedule your IPtables lecture as a SIL lecture a bit afterwards, but May 31st is a date reserved for a regular lecture (veteran, advanced, new, whatever you may call it). However, since most of the Haifux veterans have already enjoyed Eli's lecture, and can go to the slides to refresh their memory (no need to hammer that info inside heads), I see no reason for a causing a drought of lectures (4 or 6 weeks between new topics). Orna. -- Haifa Linux Club Mailing List (http://www.haifux.org) To unsub send an empty message to [EMAIL PROTECTED]
Re: [Haifux] A suggestion for a lecture - How to protect your network, using IPtables.
On Sun, 18 Jan 2004, Orna Agmon wrote: I agree with Eli on this point. I think this is a great lecture for SIL, but Eli's lecture was given not so long ago, and I feel there is a bit more to GNU and Linux than repeating topics in such a small time interval. I will not repeat on his topics at all.. There is a lot to cover in IPtables, and extremely little was talked regarding what I want to talk about in great expend, and more that he didn't talk about at all (in my opinion). It's almost like saying that we are talking about Linux all the time :) Adir, If March (the next SIL slot) is too soon, we can schedule your IPtables lecture as a SIL lecture a bit afterwards, but May 31st is a date reserved for a regular lecture (veteran, advanced, new, whatever you may call it). As I said, I don't mind about the status of the first lecture (as I see it, it is going to be two lectures). However the 2nd one (attacks scenarios and ways to prevent them, in addition to building a real firewall via IPtables) is considered advanced because it assumes knowledge of IPtables, its important concepts or at least the previous lecture. What I suggest, in this case, is to give the advanced lecture on a regular date, and to give the basic lecture a week before, just like we do with the SiL, unless people want the two lectures to be scheduled regular, and in a difference of two weeks. In this case, I will like to get two regular dates so people won't get tired after 4 lectures in a month (a lecture every week). In addition to that, before we decide that it's good for the SiL or not, I'd like to give the lecture in order to know how good it is (it will be a first run, after all). If it's going to be good enough, we can schedule it once again as a SiL lecture for next year, like we did with other successful (or wanted) lectures. However, since most of the Haifux veterans have already enjoyed Eli's lecture, and can go to the slides to refresh their memory (no need to hammer that info inside heads), I see no reason for a causing a drought of lectures (4 or 6 weeks between new topics). Eli's slides are not going to overlap with mine, as I will give a totally different view. It's just like saying that advanced networking shouldn't be covered because we talked about it once. I don't need to say that advanced networking is a general subject. Also iptables, in this case. Besides that - Eli's lecture was given in April 2003 (28/4/2003, if to be exact). That makes it 9 months, not 6 weeks... Orna. -- Adir Abraham Technion's Advisors Group and Public PC Farms Manager [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] Haifa, Israel ICQ# 1841481 Cel# +972-53-243438, +972-55-481245 KeyID: 0xD8DC85C7 Fingerprint: 138D 8F41 7A06 44A0 3DBB 9DC3 FE8B 2658 -BEGIN PGP PUBLIC KEY BLOCK- Version: PGPfreeware 7.0.3 for non-commercial use http://www.pgp.com mQEPAzLax/sAAAEIAK2bI8utornDYd5LdU+/TABNmqXneiXuLx4j8OKD2GjfS/O8 E6nrX69ot4uU5ryjp5h+7VHBZqCQz+8VC8ly2ANtycejAc82gllVC96fbA+Y6uuN uI9aXkwNqhphmmQZIVaOZDRAo9//1zX9r41xY+8rKSQuNcp+FPD/A5Itng0xhsfS KkCV4tT0mGpiydUHFrugk/bouXPYwUHXSnHp/mPdGsjgqipezHPzCWIn3xcJjk2/ tjd5/ym+arWpKW5nvTuvalcMi2DIcEilSrT5NLwgeuh3eqitYOc9WTiMNMvUiVcP sucJkdxNwjEX9MgD/bLY9wT/13brqxk71tjchccAEQEAAbQnQWRpciBBYnJhaGFt IDxhZGlyQHZpcGUudGVjaG5pb24uYWMuaWw+iQEVAwUQMtrH+6sZO9bY3IXHAQGb 0gf9FwrJBKaTP0yvf3+vwtB+9ftS0woz1TawJwflC5EoHJs7D/5GzkAaRV82RSkH P9fSHmM+LUB0huBBK1qtNyXHWIjQTmYwFYC8Oen4q0Fyze7cloSnpD1rVjI0HoCO UU8bbz0Iseizdjhnl2PTItQ+dkKzLcww1jW5iPXOWd1o8/8s2aebhrpDRO8BfAYg H29jhmDtuVQDPgFfkN/kP+xpHQplMN5Qh1oP22f+Wyg8sVvSv8P7cM+88u46FHi3 zvHpVnZKIBtKhksnH1PYXtz7FvS7vA+MbpM47kgmQGL5Ygig0pUUbBCGlzmg2Hvd 262YCdVYNwpIjQWBLJI8orea0Q== =dgNP -END PGP PUBLIC KEY BLOCK- -- Haifa Linux Club Mailing List (http://www.haifux.org) To unsub send an empty message to [EMAIL PROTECTED]