Welcome to my site. Please CLICK HERE to give your opinions regarding this new look of "PCTipsbyAnu". Thanks for visiting.

Monday, April 4, 2011

Browse » Home » , , , , , , , » Linux Firewalls – Attack detection and response with iptables, PSAD, and FWSNORT.

Linux Firewalls – Attack detection and response with iptables, PSAD, and FWSNORT.


I seem to work best at night, it’s dark out, and generally quite dark inside too; there is more bandwidth because it is off peek, and in general there is nobody coming over or phoning and interrupting me. Incidentally, its also when I do the majority of my reading, at home; in bed, at night. Much more pleasant that way…
PSAD
Linux Firewalls takes you right from the very start of how iptables works to manually porting Snort rules over to iptables for detection, and in my humble opinion, it does a damn good job of it. In fact, it done such a good job of it, I have used the reference firewall scripts and PSAD configurations to install and configure iptables and PSAD on my new VPS, which I will hopefully be moving some of my sites to.
Some of the things you should probably have already if you want to get the best out of Linux Firewalls is…
  • A comfortable familiarity with the distribution of Linux you wish to use.
  • Basic understanding of how networks communicate.
  • Reasonable understanding of how TCP works (ie. the three way handshake)
  • Reasonable understanding of how UDP works
  • A system to test this stuff on, if you don’t have a system to test this stuff out on, you could always set up a few virtual machines using VirtualBox or VMWare.
  • A will to learn about this kind of stuff
Missing any one of these things (except the will to learn, thats pretty important) probably isn’t going to be a huge deal, but if your missing a lot of them, you might struggle a bit with some of the concepts.
Here is a sample of one of the basic Linux Firewall scripts..
#!/bin/sh
 
#Port and IP addresses changed to protect the innocent.
 
IPTABLES=/sbin/iptables
MODPROBE=/sbin/modprobe
 
### Flush existing rules and settings. Set to default drop.
echo "[+] Flushing existing iptables rules..."
$IPTABLES -F
$IPTABLES -X
#$IPTABLES -t nat -F
CLICK HERE TO DOWNLOAD FULL SCRIPT (1.82KB)




Thanks...
You can leave a response, or trackback from your own site.

About 'Anu': My name is 'Anu' also Known as 'ANU 007 TIGER' .I'm administrator of 'PC Tips by Anu' blog .This blog was opened for sharing contents about hacking n cracking.
Thanks YAHOO OR GMAIL

0 comments:

Post a Comment

 
Back to Top