
[wlug] iptables question

DrWho? x_files_@i...
Tue Apr 27 10:07:09 NZST 2004


>
>DrWho? wrote:
>
>>My idea was to use a callback to hook port 80 and use a perl script to 
>>reverse lookup the ip address and look for .nz at the end and pass/fail 
>>thereafter.
>
>PAINFUL!!

Yes, using Perl does not seem a good idea, so I will have to code an 
extension for iptables.
And after all, is not "have a go" the key part of the Linux experience?

>If you wanted it hidden you'd have to blackhole the port by default, sniff 
>for attempted connections, look up the address, change firewalling on the 
>fly.. and you're opening yourself up for a huge self-DoS if someone spoofs 
>millions of random SYN packets at you.

That seems to be the conclusion I have come to as well. The SYN attack risk 
could be reduced by making use of the counters and limiting the number of 
connection attempts to say 2 and then dropping them thereafter.

>I believe there's a list of IP ranges that are allocated within New 
>Zealand. configure your box to accept those and blackhole everything else. 
>End of problem.

It just seems to be a lot of effort for such a fundamental operation.. as I 
say Windows users can do just what I want to do with very little hassle!! 
Damn frustrating!!



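The static-range approach suggested in the reply, combined with the attempt cap described above, as an added example that is not from the thread: a POSIX shell script that prints the iptables commands for review rather than applying them. It assumes iptables with the "recent" match; the source ranges are constructed placeholders, not real New Zealand allocations.

```shell
#!/bin/sh
# Added example, not from the thread: generate iptables rules that accept new
# TCP/80 connections only from a fixed list of source ranges and blackhole
# (silently drop) the rest, with a per-source cap on how many attempts get
# logged before they are dropped without logging, so a flood of spoofed SYNs
# cannot fill the logs. The ranges are constructed documentation-range
# placeholders, NOT real New Zealand allocations; substitute an RIR listing.
NZ_RANGES="203.0.113.0/24 198.51.100.0/24 192.0.2.0/24"
MAX_ATTEMPTS=2      # attempts per source logged before going silent
WINDOW_SECONDS=60   # window over which the attempts are counted

gen_rules() {
    # One dedicated chain keeps the policy in one place and easy to flush.
    echo "iptables -N HTTP_NZ 2>/dev/null || iptables -F HTTP_NZ"
    # Only connection attempts (SYN) are classified; the rest of each
    # accepted connection is left to the remaining INPUT rules.
    echo "iptables -A INPUT -p tcp --dport 80 --syn -j HTTP_NZ"
    for net in $NZ_RANGES; do
        echo "iptables -A HTTP_NZ -s $net -j ACCEPT"
    done
    # Unlisted sources: record each attempt, then drop quietly once a source
    # has exceeded MAX_ATTEMPTS within WINDOW_SECONDS (the --set rule counts
    # the current attempt first, so --hitcount is MAX_ATTEMPTS + 1).
    echo "iptables -A HTTP_NZ -m recent --name http_unlisted --set"
    echo "iptables -A HTTP_NZ -m recent --name http_unlisted --update" \
         "--seconds $WINDOW_SECONDS --hitcount $((MAX_ATTEMPTS + 1)) -j DROP"
    # The first MAX_ATTEMPTS per source are logged for visibility, then dropped.
    echo "iptables -A HTTP_NZ -j LOG --log-prefix \"http-unlisted: \""
    echo "iptables -A HTTP_NZ -j DROP"
}

# Count generated rules by target, for checking the output before applying it.
count_rules() { gen_rules | grep -c -- "-j $1"; }

# Review the output, then apply with:  sh script.sh | sh
gen_rules
```

With a static list there is no per-packet lookup, so the reverse-DNS self-DoS concern in the reply does not arise; the counter only protects the log, not the lookup.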

