Books
Lucian Gheorghe

Designing and Implementing Linux Firewalls and QoS using netfilter, iproute2, NAT and L7-filter

  • ritahuhas quoted4 years ago
    The first command shows the backlog size of 1024, and the second command sets it to 2048.

    The default Linux Kernel behavior is to discard new SYN packets if the queue is full.
  • ritahuhas quoted4 years ago
    can use iptables to protect against SYN flooding by limiting the number of SYN packets in a defined amount of time, as we did for ICMP
  • ritahuhas quoted4 years ago
    very large number of SYN packets without regarding the SYNACK the attacked host sends back. This type of attack is called TCP SYN attack or SYN flooding .
  • ritahuhas quoted4 years ago
    SYN flooding can be successful as the attacked computer keeps track of partially opened connections for minimum 75 seconds in a "listen queue". The queue is limited on various TCP implementations; therefore a SYN flood can fill it up, causing the machine to reboot or to crash.
  • ritahuhas quoted4 years ago
    fragmented IP packets that could not be assembled properly by the attacked machine, by manipulating the offset values of the packets. The effect was a kernel panic in Linux or a blue screen in Windows. A reboot solved the problem until the next attack.
  • ritahuhas quoted4 years ago
    Those tools exploit a fragmentation bug in the IP stack implementation of some old Linux kernels (2.0), Windows NT, and Windows 95. Teardrop sent frag‍
  • ritahuhas quoted4 years ago
    destined to one host to the attacker's IP address.
  • ritahuhas quoted4 years ago
    ICMP Flooding is one of the easiest ways to attack a host. ping is one of the most commonly used tools to verify connectivity, but it can also be used as a DoS attack tool.
  • ritahuhas quoted4 years ago
    Using spoofed IP addresses, an attacker might disrupt communications between two hosts by sending "Time Exceeded" or "Destination Unreachable" messages to both hosts, resulting in a DoS attack.

    By sending ICMP "redirect" messages, an attacker might force a router to forward packets
  • ritahuhas quoted4 years ago
    Protocols like POP3, SMTP, SNMP, etc., transmit passwords in clear text, and so, decoding captured IP packets may result in disclosing such sensitive data. Packet sniffers like dsniff have very nice tools to decode those packets and store this information in a file in clear text
fb2epub
Drag & drop your files (not more than 5 at once)