RE: [off topic] poor firewall (was Re: Strange traffic?)

["Jyri Hovila" <jyri.hovila () iki fi>]

Hi!

> I know it is not directly relationed to snort but I got worried when
Erek
> mensioned "poor configured firewalls".
> Where could I find some information about *GOOD* IPChains rules and
what
> exploit are they for.

First of all, you might want to upgrade the kernel of your Linux
firewall to version 2.4.x and start using iptables instead of ipchains.
Ipchains is not capable of stateful firewalling so it's really a bit
outdated piece of software now. Rule syntax of iptables is very similar
to ipchains, so it souldn't be too difficult to learn.

Check out these:

iptables/netfilter project home page
(netfilter is iptable's other name...=)

        http://netfilter.samba.org/

usage/configuration guides

        http://people.unix-fu.org/andreasson/index.html
        
http://www.yolinux.com/TUTORIALS/LinuxTutorialNetworkGateway.html

Linux kernel archives

        http://www.kernel.org/


Hope this helps you!

Yours,

Jyri

Information Security Specialist
E-mail: jyri.hovila () iki fi

Certifications:
http://www.brainbench.com/transcript.jsp?pid=2301241


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users