Hi All Hope this is the corect email address to use. I have a small network with windows machines behind a Linux 8.1 machine. The Linux machine connects to the internet the windows machines talk to the internet through the Linux machine. Does anyone know how to configure the Linux firewall to track and block attacks? Also I notice I get some spy ware via web sites are these imposible to block? Regards Derek
Derek (on Linux) wrote:
Does anyone know how to configure the Linux firewall to track and block attacks?
I design my firewalls to allow a limited range of services to selected hosts. I don't track attacks and I don't know if "snort" has a method to induce new filter rules in your packet filter and I don't recommend you to try to set this up. Some attacks are too easy to fake and you would end up shutted off from servers which don't have anything to do with the packets that reach you.
Also I notice I get some spy ware via web sites are these imposible to block?
Sadly yes, because they use exactly the same access pattern as your approved software. Yu can try to identify hostnames and ip-addresses which they use and block these but it's a lot of work. My guess is, that suse-linux-e@suse.com is also able to help you with your kind of questions. Peter
participants (2)
-
Derek (on Linux) -
Peter Wiersig