Lyle Giese wrote:
J. Schröder wrote:
Someone does DoS attacks from my server to servers on the internet. How could I configure iptables to make DoS attacks impossible from my server, and how do I have to configure iptables to log all errors and warnings to an external syslog server? I hope this is the right mailing list for such questions. I already searched the net, but I couldn't find the needed answers. Thank you!
I don't think iptables is the 'right' tool or approach to fix this problem. Normally a well secured server doesn't need blocking on outbound traffic.
More importantly, a compromised server, where the attacker or worm has root, will allow the worm to turn iptables off, allowing the worm traffic to head out anyway. To effectively block outbound traffic, you need the blocking to happen on a machine that is not under administrative control by the machine you are worried about.
If you are looking for bad traffic leaving, I would think something like SNORT would be a better tool.
Yeah, like that :-)
I would be more concerned with how 'they' are able to launch such attacks from my server and look at fixing the underlying security issues that are allowing them the access necessary for the attacks.
AppArmor makes that a lot easier ...
Crispin
--
Crispin Cowan, Ph.D. http://crispincowan.com/~crispin/
Director of Software Engineering http://novell.com
Security: It's not linear