Wednesday, June 5, 2013

How Common Attacks Are Being Blocked By Linux IPTABLES

In this section I am going to discuss some common attacks that can be carried out against any Linux machine, and describe how each of them is blocked with iptables.

ICMP Flood | Ping Traffic

This is also known as a ping of death attack or an ICMP flood. Ping traffic should be blocked with iptables: block all incoming ICMP packets from outside connections, while still allowing them from your internal network. The command below shows how ICMP traffic can be dropped with iptables; the DROP target discards the packet.

iptables -A OUTPUT -p icmp --icmp-type 8 -j DROP

Drop incoming NULL Packet

NULL packets (TCP packets with no flags set) should be dropped by the following command:

iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP

Drop incoming XMAS Packet

XMAS packets (TCP packets with every flag set) should be dropped by the following command:

iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP

Drop incoming Fragmented Packets

Fragmented packets should be dropped by the following command:

iptables -A INPUT -f -j DROP

Drop New Connections That Do Not Start With SYN

TCP packets that try to open a new connection without the SYN flag set should be dropped by the following command:

iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
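The five rules above as one firewall script. This is an added example, not code from the original post: it moves the ping rule to the INPUT chain (the OUTPUT rule above only blocks pings this host sends out), allows echo requests from an internal network, adds rate-limited LOG rules before the NULL and XMAS drops so scans are visible in the kernel log, and uses the conntrack match (the modern equivalent of -m state). INTERNAL_NET is an assumed placeholder; change it to your own LAN range. By default the script only prints the rules; run it with APPLY=1 as root to install them.

```shell
#!/bin/sh
# Added example, not code from the original post: the post's rule set as one
# script, with the ICMP rule corrected to the INPUT chain. Dry run by default
# (prints the rules); `APPLY=1 sh firewall.sh` as root installs them.

INTERNAL_NET="${INTERNAL_NET:-192.168.1.0/24}"   # assumption: change to your LAN

# rule: prefix every iptables invocation with the chosen command (iptables or echo).
rule() {
    "$IPT" "$@"
}

# apply_rules CMD: CMD is "iptables" to install the rules, "echo" to print them.
apply_rules() {
    IPT="${1:-echo}"

    # Loopback and already-tracked traffic first, so the DROP rules below
    # cannot break replies to connections this host opened itself.
    rule -A INPUT -i lo -j ACCEPT
    rule -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # ICMP echo-request (type 8): allow from the internal network, drop the rest.
    # This is the post's ping rule moved from OUTPUT to INPUT.
    rule -A INPUT -p icmp --icmp-type 8 -s "$INTERNAL_NET" -j ACCEPT
    rule -A INPUT -p icmp --icmp-type 8 -j DROP

    # NULL scan: no TCP flags set. Log at most 5 entries/min, then drop.
    rule -A INPUT -p tcp --tcp-flags ALL NONE -m limit --limit 5/min -j LOG --log-prefix "FW NULL scan: "
    rule -A INPUT -p tcp --tcp-flags ALL NONE -j DROP

    # XMAS scan: every TCP flag set.
    rule -A INPUT -p tcp --tcp-flags ALL ALL -m limit --limit 5/min -j LOG --log-prefix "FW XMAS scan: "
    rule -A INPUT -p tcp --tcp-flags ALL ALL -j DROP

    # Non-first fragments of a fragmented datagram.
    rule -A INPUT -f -j DROP

    # A new TCP connection must begin with SYN; anything else claiming to be
    # NEW is dropped.
    rule -A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
}

if [ "${APPLY:-0}" = "1" ]; then
    apply_rules iptables
else
    apply_rules echo
fi
```

Two caveats when you install this on a real host: the `-f` rule rarely matches once conntrack is loaded, because the kernel reassembles IPv4 fragments before the filter table sees them, so do not rely on it as your only fragment defence; and the LOG rules write to the kernel log, so check `dmesg` or `/var/log/kern.log` for the "FW NULL scan" and "FW XMAS scan" prefixes to confirm that scans are being seen and dropped.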

2 comments:

Anonymous said...

The first command:

iptables -A OUTPUT -p icmp --icmp-type 8 -j DROP

just drops all outgoing ping-request. Incoming ping-requests need to be dropped in INPUT Chain, too.

Frogy said...

Yes you are certainly right. Thanks for your input and marking that.