Netfilter, firewall, Iptables, Ipchains, DoS, DDoS

Hi, I found this reference information for people who want to get rich knowledge about sysadmin. (Part 2)

Part1 - Basics, important sites, HOWTO's, handbooks, hardening, tips
Part2 - Netfilter, firewall, Iptables, Ipchains, DoS, DDoS
Part3 - Intrusion detection, integrity checks: IDS, NIDS, HIDS, Antivirus, software
Part4 - Chroot, chrooting, jailing, compartmentalization
Part5 - Forensics, recovery, undelete
Part6 - Securing networked services

Part2 - Netfilter, firewall, Iptables, Ipchains, DoS, DDoS

*Please note the easiest way to troubleshoot Netfilter related problems is to add log (target) rules before any "decision" in a chain.
** Please note there's a LOT of firewall scripts on LQ: just search the Linux - Security and Linux - networking fora please.

Netfilter/Iptables
LQ search, iptables+howto: http://www.linuxquestions.org/questi...der=descending
IPTables Tutorial: http://iptables-tutorial.frozentux.n...-tutorial.html
IPSysctl Tutorial: http://ipsysctl-tutorial.frozentux.n...-tutorial.html
Linuxguruz.org: http://www.linuxguruz.org/iptables/
Netfilter.org Packetfiltering HOWTO: http://www.netfilter.org/unreliable-...ltering-HOWTO/
Linuxsecurity.com Iptables tutorial: http://www.linuxsecurity.com/resourc...-tutorial.html
Iptables Connection tracking: http://www.cs.princeton.edu/~jns/sec...conntrack.html
Taking care of the New-not-SYN vulnerability: http://archives.neohapsis.com/archiv...3-01/0036.html

Ipchains
TLDP Ipchains HOWTO: http://www.linuxdoc.org/HOWTO/IPCHAINS-HOWTO.html
Flounder.net Ipchains HOWTO: http://www.flounder.net/ipchains/ipchains-howto.html

Web-browsers, mail clients, FTP clients, IM, P2P ports database for building your own rules: http://www.pcflank.com/fw_rules_db.htm

Other resources/misc stuff
Basic introduction to building ipchains rules: www.linuxdoc.org/HOWTO/IPCHAINS-HOWTO.html
Explanation of the Ipchains logformat: logi.cc/linux/ipchains-log-format.php3
Ipchains log decoder: dsl081-056-052.dsl-isp.net/dmn/decoder/decode.php
Basics on firewalling: www.linuxdoc.org/HOWTO/Firewall-HOWTO.html
linux-firewall-tools: http://www.linux-firewall-tools.com/linux/
CERT: Home Network Security: http://www.cert.org/tech_tips/home_networks.html
Firewall FAQ: http://www.faqs.org/faqs/firewalls-faq/
Assigned ports > 1024: http://www.ec11.dial.pipex.com/port-num4.shtml
Port designations: http://www.chebucto.ns.ca/~rakerman/port-table.html
Firewall Forensics FAQ (What am I seeing?): http://www.robertgraham.com/pubs/firewall-seen.html
Linux Firewall and Security Site: http://www.linux-firewall-tools.com/linux/
Auditing Your Firewall Setup (old, still useful): http://www.enteract.com/~lspitz/audit.html
TLDP: Firewall Piercing mini-HOWTO: http://www.tldp.org/HOWTO/mini/Firew...cing/x189.html
Something called the "Home PC Firewall Guide": http://www.firewallguide.com/
Vendor/Ethernet MAC Address Lookup: http://www.coffer.com/mac_find/
Netfilter Iptables/Ipchains Log Format: http://logi.cc/linux/netfilter-log-format.php3
Dshield (find out if IP was marked as used in attacks): http://www1.dshield.org/ipinfo.php
Port search (Snort): http://www.snort.org/ports.html
Neohapsis Port search: http://www.neohapsis.com/neolabs/neo-ports/
P2P ports (IPMasq): http://www.tsmservices.com/masq/cfm/main.cfm
Is "Stealth" important?: http://www.practicallynetworked.com/...et.htm#Stealth
Infosyssec's Firewall Security and the Internet (badly updated site): http://www.infosyssec.net/infosyssec/firew1.htm

Webbased portscan services:
http://www.linux-sec.net/Audit/nmap.test.gwif.html
http://www.derkeiler.com/Service/PortScan/
http://scan.sygatetech.com/
http://www.sdesign.com/securitytest/
http://www.auditmypc.com/
http://www.dslreports.com/scan
http://crypto.yashy.com/nmap.php
http://www.grc.com/
DoS info
Hardening the TCP/IP stack to SYN attacks: http://www.securityfocus.com/infocus/1729
SANS, Help Defeat Denial of Service Attacks: Step-by-Step: http://www.sans.org/dosstep/index.htm
SANS, ICMP Attacks Illustrated: http://rr.sans.org/threats/ICMP_attacks.php
CERT, Denial of Service Attacks: http://www.cert.org/tech_tips/denial_of_service.html
NWC, Fireproofing Against DoS Attacks (forms of): http://www.nwc.com/1225/1225f38.html

DDoS info
SANS, Consensus Roadmap for Defeating Distributed Denial of Service Attacks: http://www.sans.org/ddos_roadmap.htm
SANS, Spoofed IP Address Distributed Denial of Service Attacks: Defense-in-Depth: http://rr.sans.org/threats/spoofed.php
SANS, Understanding DDOS Attack, Tools and Free Anti-tools with Recommendation: http://rr.sans.org/threats/understan...nding_ddos.php
Juniper.net, Minimizing the Effects of DoS Attacks: http://arachne3.juniper.net/techcent...te/350001.html
CISCO, Strategies to Protect Against Distributed Denial of Service (DDoS) Attacks: http://www.cisco.com/warp/public/707/newsflash.html
Dave Dittrich's references: http://staff.washington.edu/dittrich/misc/ddos/
Xinetd Sensors: http://www.gate.net/~ddata/xinetd-sensors.html
Xinetd FAQ: http://synack.net/xinetd/faq.html

Original Source: Linuxquestions.org