How Common Attacks Are Being Blocked By Linux IPTABLES

Here in this section I am going to discuss some common attacks can be done on any type of Linux machine and I will also describe that how they are being blocked by iptables.

ICMP Flood | Ping Traffic

This is also known as ping of death attack or an ICMP flood. One must block ping traffic by using iptables. One must block all ICMP incoming packets from outside connection. You can let it allow for your internal network.  Below command shows how ICMP flood can be dropped by using iptables.DROP is used for dropping packet.

DNS - Domain Name Server Configuration - Server CentOS , Client XP

DNS  is nothing but the numerical form of IP address which can be easily remembered and used. It can resolve full domain name from the  IP address and vice-versa. There is master name server and slave name server.

Configuration of DNS server
To install DNS server we need to install bind package from terminal using following command:

# yum search bind

It will list all available bind packages. From all packages we have installed bind.i686 : The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server. Command is as follows.

Command Line Magic - See Data Usage In Linux

As we can see and sort our folders according to our requirement in windows, I was asking myself that is there any way that we can do that in linux ?

Then i searched a bit on 'opensource' internet world and I found one inbuilt linux command which is du.

du stands for Data Usage. But alone du command should not be used. I used du command along with head and sort command.

Command Line Magic - Pick A Random Number From Your Given Range

One day my friend told me that what to do to pick a random number form desired range. I told there are many algorithms infact you can create your own C program for that just 10 to 15 lines of code.

He told I don't know the syntax of C so can you find something else for that. Then I played with Ubuntu terminal and created command.

Initially I was searching for any command for terminal which can give me random link. But I was unable to find. Then I got this link on internet.

DHCP Configuration - Server CentOS - Client XP

        In Linux server the IP address is statically assigned which will be 192.168.13.0/24. Here server will be capable to ping the client machine and that has to be same from the client machine which will be also able to ping the server machine which is running on CentOS. For that DHCP Server will be installed in the Linux server to assign the static IP address to their client machine.

DHCP Cofiguration – Dynadmic Host Configuration Protocol

DHCP is used to manage IP address centrally. It also protects the IP address centrally. It automatically assigns the IP address to the guest OS. Not only the IP address but it also assigns gateway, DNS server, Net BIOS and network information. DHCP assigns IP address statically as well as dynamically. Here we will assign a static IP address so that we can manage our IP address centrally.

VPN Flaws & Limitations

Virtual Private Network is a technology that has been taken for granted by several organizations as the secure protocol for communication between their various branches. But even though it has robust nature, it is, like most other technologies, not completely secure. We will hereby discuss some of the security flaws of the VPN technology.

VPNs could be the most targeted area for an attack simply because of the amount of sensitive information it carries. VPNs also connect two internal networks via the insecure Internet, which means that a VPN has access to internal network of an organization. So successfully attacking a VPN means gaining control of the internal network of the organization. Moreover the VPN traffic is invisible to Intrusion Detection Systems. So they will be blind to an attack over the VPN.

Network Virtualization Security Issues

Network Virtualization is the next big thing in the world of networking. Although the current internet architecture is quite robust and complete, but it needs multiple protocol stacks to suffice the needs of modern technologies like mobile and embedded devices, new communication paradigms etc. Network visualization offers a solution to many challenges of current network architecture like scalability, flexibility and cost of infrastructure.

MITM Attack Scenario

Almost all companies, be it a giant multinational or a small startup consisting of just a small team, needs to secure their confidential data. And they do, more or less. They use all the traditional ways of protecting their data, install firewall softwares, anti-virus and anti-malware packages. They buy expensive sophisticated hardware that claims to guard their data while they sleep peacefully at night. But are they really secure? Do these companies realize their weakest link in the chain?

Http Tunneling

Most of the companies and enterprises use proxies and firewalls for their company’s network security. But majority firewalls and proxies block most or all other services but one – http/https. They allow traffic to destination port 80 or 443 to pass in order for their employees to surf the web. So this particular behavior of the firewall can be exploited in order to connect to remote servers with services running on different ports other than 80 or 443. Let us see how.

Bittorrent Based DDOS Attack

BitTorrent is the most famous and widely used peer to peer file transfer protocol. Created in 2001 by Bran Cohen, it quickly caught users’ attention all over the world and it became more popular than other existing such networks like Napster, Gnutella and FastTrack. But its popularity combined with a basic flaw in the design and working of this protocol has opened the possibility for a Distributed Denial of service attack on arbitrary server of the attacker’s choice. Here we are going to look how this is possible.

ARP Poisoning - A Theoretical Approach

ARP Poisoning is an attack that can be carried out in a LAN that relies on Address Resolution Protocol for its internal routing. ARP Poisoning can then be further extended in different forms of attack like Man-in-the-middle-attack, Packet sniffing, Denial of Service etc. In this attack the attacker spoofs the ARP cache of the target machine.