Message-ID: <3D5DFAB8.2080600@core.gen.tr>
From: evrim at core.gen.tr (Evrim ULU)
Subject: IP'less bridging firewall

Hi,

We have set up an IP-less (0.0.0.0) bridging Linux firewall using the bridge-nf patch. At the beginning, ipt_REJECT.c was not working, since no interface has an IP address. Then we made it produce the necessary TCP RST & ICMP port unreachable packets. Now it's working quite well and no SYN attacks can reach the machines behind the firewall.

Also, configuring it correctly leads to an invisible firewall. Firewalking can be eliminated using the ttl module of iptables. In addition, if there are insufficient ports open on the protected machine behind the firewall, nmap may get confused while determining the OS, since the RST packets are generated by the firewall. On top of this, random OS stack fingerprinting can be added to confuse nmap etc.

On the other hand, we haven't tried to mangle the connections. If this can also be done, boxes behind the firewall can be protected more.

This firewall has 3 NICs and one is connected to my console box directly. Snort is installed to dynamically block the flood/DDoS/buffer overrun attacks.

Finally, we're looking for test methods to penetrate this firewall. I've no idea how this box can be *hacked* & *abused* & *ddossed*?

*There is no spoon* -------------------> *and no firewall either*

--
Evrim ULU
evrim@...y.com.tr / evrim@...e.gen.tr
sysadm
http://www.core.gen.tr
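As an added example, not taken from Evrim's post or from the bridge-nf project: a bridge-nf style iptables FORWARD policy for the kind of setup described, with the ttl match against firewalking and tcp-reset REJECTs answered by the bridge itself. The interface names, the protected host 192.0.2.10 and the allowed port list are assumptions, and the script only prints the rules unless DRY_RUN=0.

```shell
#!/bin/sh
# Added example: minimal bridge-nf iptables policy for an IP-less bridging
# firewall. Interface names, the protected host and the port list below are
# constructed assumptions. DRY_RUN=1 (default) prints the rules instead of
# applying them, so the script can be reviewed on any machine; run it with
# DRY_RUN=0 as root on the bridge to apply.

DRY_RUN="${DRY_RUN:-1}"
OUTSIDE_IF="${OUTSIDE_IF:-eth0}"                 # NIC facing the Internet (assumed)
PROTECTED_HOST="${PROTECTED_HOST:-192.0.2.10}"   # documentation address, constructed
ALLOWED_TCP_PORTS="${ALLOWED_TCP_PORTS:-22 80}"  # published services (assumed)

ipt() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

bridge_fw_rules() {
    ipt -P FORWARD DROP
    ipt -F FORWARD
    # Let replies and related traffic of already accepted flows through.
    ipt -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Anti-firewalking: probes whose TTL is about to expire are dropped on the
    # bridge, so no ICMP time-exceeded reply ever maps the filter. The
    # threshold of 2 is an assumption; tune it to the hop count behind you.
    ipt -A FORWARD -m physdev --physdev-in "$OUTSIDE_IF" -m ttl --ttl-lt 2 -j DROP
    # Only the published services on the protected host accept new connections.
    for port in $ALLOWED_TCP_PORTS; do
        ipt -A FORWARD -m physdev --physdev-in "$OUTSIDE_IF" -d "$PROTECTED_HOST" \
            -p tcp --dport "$port" --syn -j ACCEPT
    done
    # Every other inbound TCP SYN is answered with a RST by the bridge, so the
    # host behind it never sees the scan; other protocols get port-unreachable.
    ipt -A FORWARD -m physdev --physdev-in "$OUTSIDE_IF" -p tcp --syn \
        -j REJECT --reject-with tcp-reset
    ipt -A FORWARD -m physdev --physdev-in "$OUTSIDE_IF" \
        -j REJECT --reject-with icmp-port-unreachable
}

bridge_fw_rules
```

Because the RSTs originate from the bridge, the fingerprint a scanner sees on closed ports is the firewall's, not the protected host's, which is the confusion effect the post describes.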