In this section I discuss some common attacks that can be launched against any type of Linux machine, and I describe how they are blocked by iptables.
ICMP Flood | Ping Traffic
This is also known as a ping of death attack or an ICMP flood. One must block ping traffic by using iptables: block all incoming ICMP packets from outside connections. You can still allow them for your internal network. The command below shows how an ICMP flood can be dropped by using iptables. DROP is the target used for dropping a packet.
iptables -A OUTPUT -p icmp --icmp-type 8 -j DROP
Drop incoming NULL Packets
Null packets should be dropped by the following command:
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
Drop incoming XMAS Packets
XMAS packets should be dropped by the following command:
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
Drop incoming Fragmented Packets
Fragmented packets should be dropped by the following command:
iptables -A INPUT -f -j DROP
Drop SYN Packets
SYN packets should be dropped by the following command:
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
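To see exactly which segments the three TCP rules above match, here is an added example (not from the original post) that re-implements the mask/compare test behind --tcp-flags in plain shell. It relies on the documented equivalence of --syn to "--tcp-flags SYN,RST,ACK,FIN SYN", so the last rule drops NEW segments that are not a plain SYN; the function names, sample flag values and conntrack states are constructed for illustration.

```shell
#!/bin/sh
# Added example: models how iptables evaluates --tcp-flags, no root needed.
# TCP flag bits as laid out in the TCP header.
FIN=1; SYN=2; RST=4; PSH=8; ACK=16; URG=32
ALL=$((FIN | SYN | RST | PSH | ACK | URG))   # what "ALL" means to iptables

# tcp_flags_match MASK COMP FLAGS  (hypothetical helper)
# "--tcp-flags MASK COMP": only bits in MASK are examined, and the rule
# matches when exactly the bits in COMP are set among them.
tcp_flags_match() {
    [ $(( $3 & $1 )) -eq "$2" ]
}

# verdict FLAGS CONNTRACK_STATE  (hypothetical helper)
# Walks the post's three TCP rules in order and prints the first that
# would drop the segment, or "pass" if none of them does.
verdict() {
    if tcp_flags_match "$ALL" 0 "$1"; then
        echo "drop-null"            # --tcp-flags ALL NONE
    elif tcp_flags_match "$ALL" "$ALL" "$1"; then
        echo "drop-xmas"            # --tcp-flags ALL ALL
    elif [ "$2" = NEW ] &&
         ! tcp_flags_match $((SYN | RST | ACK | FIN)) "$SYN" "$1"; then
        echo "drop-new-not-syn"     # ! --syn -m state --state NEW
    else
        echo "pass"
    fi
}

# Constructed samples: name, flag bits, conntrack state.
while read -r name flags state; do
    printf '%-24s %s\n' "$name" "$(verdict "$flags" "$state")"
done <<EOF
null-segment 0 INVALID
all-six-flags $ALL INVALID
ack-without-connection $ACK NEW
plain-syn $SYN NEW
established-ack $ACK ESTABLISHED
EOF
```

A legitimate connection attempt (plain SYN in state NEW) passes all three rules, while a bare ACK that conntrack classifies as NEW is dropped by the last one.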
Thus we can use iptables in an efficient way.
Source : http://www.cyberciti.biz/tips/linux-iptables-10-how-to-block-common-attack.html
2 comments:
The first command:
iptables -A OUTPUT -p icmp --icmp-type 8 -j DROP
just drops all outgoing ping-requests. Incoming ping-requests need to be dropped in the INPUT chain, too.
Yes, you are certainly right. Thanks for your input and for pointing that out.