[opensuse-security] DoS Attacks

Hi there,

someone does DoS attacks from my server to servers in the internet. How could I configure iptables to make DoS attacks impossible from my server, and how do I have to configure iptables to log all errors and warnings to an external syslog server? I hope this is the right mailing list for such questions. I already searched the net, but I couldn't find the needed answers. Thank you!

Regards,
Johnny

---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security+help@opensuse.org

J. Schröder wrote:
Hi there,
someone does DoS attacks from my server to servers in the internet.
How does (s)he do that? What DoS attacks, specifically?

cu,
Rainer

J. Schröder wrote:
Hi there,
someone does DoS attacks from my server to servers in the internet. How could I configure iptables to make DoS attacks impossible from my server, and how do I have to configure iptables to log all errors and warnings to an external syslog server? I hope this is the right mailing list for such questions. I already searched the net, but I couldn't find the needed answers. Thank you!
Regards, Johnny

I don't think iptables is the 'right' tool or approach to fix this problem. Normally a well-secured server doesn't need blocking on outbound traffic.

If you are looking for bad traffic leaving, I would think something like SNORT would be a better tool. I would be more concerned with how 'they' are able to launch such attacks from my server and look at fixing the underlying security issues that are allowing them the access necessary for the attacks.

Lyle Giese
LCR Computer Services, Inc.

Lyle Giese wrote:
J. Schröder wrote:
someone does DoS attacks from my server to servers in the internet. How could I configure iptables to make DoS attacks impossible from my server, and how do I have to configure iptables to log all errors and warnings to an external syslog server? I hope this is the right mailing list for such questions. I already searched the net, but I couldn't find the needed answers. Thank you!
I don't think iptables is the 'right' tool or approach to fix this problem. Normally a well-secured server doesn't need blocking on outbound traffic.
More importantly, a compromised server, where the attacker or worm has root, will allow the worm to turn iptables off, allowing the worm traffic to head out anyway. To effectively block outbound traffic, you need the blocking to happen on a machine that is not under administrative control by the machine you are worried about.
If you are looking for bad traffic leaving, I would think something like SNORT would be a better tool.
Yeah, like that :-)
I would be more concerned with how 'they' are able to launch such attacks from my server and look at fixing the underlying security issues that are allowing them the access necessary for the attacks.
AppArmor makes that a lot easier ...

Crispin
--
Crispin Cowan, Ph.D. http://crispincowan.com/~crispin/
Director of Software Engineering http://novell.com
Security: It's not linear
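Johnny's second question (getting iptables log output to an external syslog server) and Crispin's point (a host that is already compromised cannot be trusted to block or record its own traffic) fit together: an OUTPUT rule such as `iptables -A OUTPUT -p tcp --syn -m limit --limit 10/s -j LOG --log-prefix "OUT-SYN: "` produces kernel log lines that rsyslog can forward off the box with `kern.* @@loghost:514`, and the analysis then runs on the log host rather than on the suspect server. The script below is an added example, not code from this thread or from any of its participants: it parses iptables LOG lines in the form they reach syslog and flags destinations that receive a burst of outbound SYNs within one second. The `OUT-SYN` prefix, the per-second threshold, the year 2007 used to complete the syslog timestamp, and the sample log lines are all assumptions constructed for the example. Because `-m limit` rate-limits the LOG target, the counts this script sees are a sample of the real rate, so the threshold has to be set below the configured limit.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Shape of an iptables LOG entry as it arrives at syslog. "OUT-SYN" is the
# assumed --log-prefix value; the KEY=VALUE fields are the kernel's own format.
LOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) kernel: "
    r"(?P<prefix>[\w-]+): (?P<fields>.*)$"
)

# Syslog timestamps carry no year; assume the year of the thread (2007).
ASSUMED_YEAR = "2007"


def _syn_line(sec, dst, dport, sport, ident):
    """Build one constructed outbound-SYN log line for the sample data."""
    return (f"May 28 15:35:{sec:02d} srv kernel: OUT-SYN: IN= OUT=eth0 SRC=192.0.2.10 "
            f"DST={dst} LEN=60 TTL=64 ID={ident} DF PROTO=TCP SPT={sport} DPT={dport} "
            f"WINDOW=5840 RES=0x00 SYN URGP=0")


# Constructed sample: six SYNs to one host inside one second (a burst worth a
# look), one ordinary SYN elsewhere, one ACK on an established connection, and
# one unrelated syslog line that the parser must ignore.
SAMPLE_LINES = (
    [_syn_line(1, "198.51.100.5", 80, 40000 + i, i) for i in range(6)]
    + [_syn_line(1, "203.0.113.9", 443, 40100, 100)]
    + ["May 28 15:35:02 srv kernel: OUT-SYN: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.5 "
       "LEN=52 TTL=64 ID=200 DF PROTO=TCP SPT=40000 DPT=80 WINDOW=5840 RES=0x00 ACK URGP=0",
       "May 28 15:35:02 srv sshd[1234]: Accepted publickey for admin from 192.0.2.50"]
)


def parse_log_line(line):
    """Return a dict for an iptables LOG line, or None for any other syslog line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    fields, flags = {}, set()
    for tok in m.group("fields").split():
        if "=" in tok:
            key, val = tok.split("=", 1)
            fields[key] = val          # e.g. DST=198.51.100.5, SPT=40001, IN= (empty)
        else:
            flags.add(tok)             # bare tokens: SYN, ACK, DF, ...
    ts = datetime.strptime(f"{ASSUMED_YEAR} {m.group('ts')}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m.group("host"), "prefix": m.group("prefix"),
            "fields": fields, "flags": flags}


def detect_syn_floods(lines, syn_per_second=5):
    """One alert per destination whose peak outbound SYN count in any single
    second reaches syn_per_second (an assumed tuning value). Only pure SYNs
    (no ACK) count, so packets on established connections are ignored."""
    per_dst = defaultdict(Counter)     # DST -> Counter keyed by timestamp second
    for line in lines:
        ev = parse_log_line(line)
        if ev is None:
            continue
        f, flags = ev["fields"], ev["flags"]
        if f.get("PROTO") == "TCP" and "SYN" in flags and "ACK" not in flags and "DST" in f:
            per_dst[f["DST"]][ev["ts"]] += 1
    alerts = []
    for dst, per_sec in per_dst.items():
        at, peak = max(per_sec.items(), key=lambda kv: kv[1])
        if peak >= syn_per_second:
            alerts.append({"dst": dst, "peak_syn_per_s": peak,
                           "at": at.strftime("%Y-%m-%d %H:%M:%S")})
    return sorted(alerts, key=lambda a: a["dst"])


if __name__ == "__main__":
    for alert in detect_syn_floods(SAMPLE_LINES):
        print(f"outbound SYN burst: {alert['peak_syn_per_s']} SYN/s "
              f"to {alert['dst']} at {alert['at']}")
```

On a real log host the input would be the forwarded kernel facility (for example read from the file rsyslog writes for `kern.*`) instead of `SAMPLE_LINES`; the alert names the destination and the second of the peak, which is what you need next to correlate with `ss -tnp` or process accounting on the suspect server and find the process Lyle and ken are talking about.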

On 05/28/2007 09:35 AM somebody named J. Schröder wrote:
Hi there,
someone does DoS attacks from my server to servers in the internet. How could I configure iptables to make DoS attacks impossible from my server, and how do I have to configure iptables to log all errors and warnings to an external syslog server? I hope this is the right mailing list for such questions. I already searched the net, but I couldn't find the needed answers. Thank you!
Regards, Johnny
This is a capability you can implement in your firewall... which should be on a separate machine. Right after that you should find and disable the processes which are the source of the outgoing attacks.

--
"This world ain't big enough for the both of us," said the big noema to the little noema.

On Monday 2007-05-28 at 15:35 +0200, "J. Schröder" wrote:
someone does DoS attacks from my server to servers in the internet. How could I configure iptables to make DoS attacks impossible from my server, and how do I have to configure iptables to log all errors and warnings to an external syslog server? I hope this is the right mailing list for such questions. I already searched the net, but I couldn't find the needed answers. Thank you!
Many more details are needed. What kind of attack (exactly), how do they get in, etc.

--
Cheers,
Carlos E. R.

J. Schröder wrote:
someone does DoS attacks from my server to servers in the internet.
What kind of DoS attack? Your server is probably compromised. :(
How could I configure iptables to make DoS attacks impossible from my server
Iptables will probably be useless for your situation; the only solution is to identify the bad apple, isolate it and fix it.
participants (7)
- "J. Schröder"
- Carlos E. R.
- Crispin Cowan
- Cristian Rodriguez R.
- ken
- Lyle Giese
- Rainer Duffner