iptables script

Iptables provides the option to log both IP and TCP headers in a log file. This is useful to: => Detect Attacks => Analyze IP / TCP Headers => Troubleshoot Problems => Intrusion Detection => Iptables Log Analysis => Use 3rd party application such as PSAD (a tool to detect port scans and other suspicious […]

{ 0 comments }

Someone recently asked me a question: How can I save time and script size by specifying a range of IP addresses or ports using iptables? In old version of iptables IP address ranges are only valid in the nat table (see below for example). However newer version does support option that allows you to specify […]

{ 9 comments }

From my mail bag: How do I accept CIPE connection requests coming from the outside? CIPE stands for Crypto IP Encapsulation (see howto Establishing a CIPE Connection) . It is used to configure an IP tunneling device. For example, CIPE can be used to grant access from the outside world into a Virtual Private Network […]

{ 0 comments }

It is really a good idea to have one central logging host for security and performance reason. For example monitoring log files will help you to detect: * Security risks (you can see failed login attempt, port scan etc) analysis * Troubleshoot user login problem * Save disk space * If hard disk crashed on […]

{ 5 comments }

The Internet Message Access Protocol (commonly known as IMAP or IMAP4) is an application layer Internet protocol that allows a local client to access e-mail on a remote server. An IMAP protocol is used for e-mail retrieval. Virtually almost all modern e-mail clients and servers support IMAP. E-mail messages are generally sent to an e-mail […]

{ 2 comments }

A SYN flood is a form of denial-of-service attack in which an attacker sends a succession of SYN requests to a target’s system. This is a well known type of attack and is generally not effective against modern networks. It works if a server allocates resources after receiving a SYN, but before it has received […]

{ 17 comments }