Hi Togan,

On 2001.09.08 14:15:05 +0100 Togan Muftuoglu wrote:
* maf king; <maf@cybereye.co.uk> on 08 Sep, 2001 wrote:
Hi, Maf

changes and know how many packets you have sent - but IMHO if you are being watched that closely, the cracker has probably already sniffed the packets anyway... :-(
Could it be this sniffing being done at the ISP, as we are on dynamic IPs via ADSL PPPoE and static IPs will be sometime in two weeks' time, and I want to secure my connections as much as possible?
I meant sniffing in general. I wasn't saying that anyone *was actually* sniffing you - (all I can say is I am not ;-) ) What I meant was that if someone can count the packets leaving your box, and see the sequence ID changing, then they would probably be in a position to sniff them anyway, so the non-random ID isn't IMHO a big problem. But yes, your ISP would be a good place to sniff all your traffic, if someone wanted to - but there are other places where this can be done, too - any router which sees your packets can sniff them...
Every time the connection drops, the ipchains script reconfigures the firewall based on the new IP, and the rules are the same except three things:

icmp 5 now denied for input
icmp 13:255 denied for input
icmp 14 denied for output
I don't know how to randomise the ip_id field you mentioned in the first mail, but AFAIK changing icmp settings on the firewall won't be the problem (or the cure...)

HTH
Maf.
-- Togan Muftuoglu

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Maf. King
Standby Exhibition Services
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"It is easier to do a job right than to explain why you didn't." - Martin Van Buren
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~