Security :: Filtering On Same Subnet
Aug 4, 2010
Let's say I have a few hosts on the same subnet, and they are all connected to a central Linux box running a filtering bridge. If I tightly control the communications between the hosts using the filtering bridge, is this just as good as separating hosts into different subnets (e.g. DMZ and Internal)?
View 6 Replies
Jul 2, 2011
I'm wanting to use mac filtering to restrict access to certain machines. I already know that I can just add MACs line by line, but is there a way to specify a list of MACs? That way it would be much simpler to maintain a list of acceptable/unacceptable hosts.
I'm not going to rely only on this list because of spoofing, but it would be nice as another "layer" of protection.
View 4 Replies
Jun 22, 2009
I have already developed file type filtering functions through Squid. Now I want to deal with content filtering aspects... What tools are available for this in Linux?
View 6 Replies
Mar 12, 2011
I have several CS servers running on Ubuntu server, and sometimes someone tries to brute-force the server's RCON password with a program called HLBrute. I've found the following rules to prevent such hack attacks, but they don't work. What can be wrong in these rules?
Quote:
iptables -A INPUT -p udp -m multiport --dport 26000:30000 -m string --algo kmp --string "HLBrute" -m limit --limit 1/hour --limit-burst 5 -j LOG --log-prefix " HLBrute_Ataka "
iptables -A INPUT -p udp -m multiport --dport 26000:30000 -m string --algo kmp --string "HLBrute" -j DROP
View 3 Replies
Jul 26, 2010
I'm looking to possibly need to make use of Snort and its packet filtering/inspection abilities to help cover for PCI. I've searched Amazon, but nothing really stands out. There is a new one (2007 - Snort Intrusion Detection and Prevention Toolkit), or slightly older ones... Managing Security with Snort & IDS Tools - 2004, Snort Cookbook - 2005, Snort for Dummies - 2004.
Now I'm tempted to just go for the latest one, but I'm completely new to Snort so perhaps it needs another book like Snort for Dummies to get started ;-P
View 5 Replies
Aug 13, 2011
I want to capture all packets from site "www.examplesite.com" so I checked its IP address in an IP address lookup and it was 123.456.abc.def. So I set my filter to "dst host 23.456.abc.def". However, I then realised that multiple IP addresses point to www.examplesite.com, for example say the following IPs also go to it:
987.654.321.000
111.222.333.444
So is there a filter that will automatically capture all traffic going to www.examplesite.com or do I have to go and manually find all its IP addresses and pass them all to the filter?
View 2 Replies
Dec 28, 2010
I have a VMware farm where:
- DHCP is in use to give machines IPs
- Machines go up and down all the time
- All IPs are on a certain subnet
- VMs update DNS (we don't go by IP)
- SSH is in use
I would like to disable StrictHostKeyChecking only for this subnet, because IPs change all the time and editing known_hosts usually only works for a few days before the IP changes again, and once I get enough entries, there are tons of conflicts.
I tried the following in ~/.ssh/config:
Code:
Host 10.0.217.*
StrictHostKeyChecking no
UserKnownHostsFile /dev/null
[Code]....
View 10 Replies
Feb 23, 2010
If I allow, my server's IP is:
11.11.11.11
If I allow 11.11.11.11, and block 22.22.22.22
22.22.22.22 can't access the server
But if I allow 11.11.11.0/24, and block 22.22.22.22
22.22.22.22 can still access the server!!
Does anyone know why that is?
View 4 Replies
Jul 22, 2011
I have TWO L3 + router switch (say switch1 and switch2). I created VLAN100 with VLAN ID 100 in both the switches. I created router 192.168.1.1/24 in Switch1. I created router 192.168.2.1/24 in Switch2. Switch1 is connected with 1.x/24 PCs. PCs are configured with 1.1 gateway. Switch2 is connected with 2.x/24 PCs. PCs are configured with 2.1 gateway. Both Switch1 and switch2 are connected by a trunk to carry VLAN100 data.
1) I have a few PCs of 1.x connected to, say, Switch1. Is it possible for PC with IP 192.168.1.100 (x) to ping PC with IP 192.168.2.100 (y)? What configuration is required in both switches to make them communicate? All the devices in both subnets should ping/communicate with each other.
2) Move PC (192.168.1.100) to switch2. Move PC (192.168.2.100) to switch1. What will happen when PC (1.100) pings (2.100) and vice versa? What will happen when PC (say 1.80 in switch1) pings PC (say 1.100 in switch2) and vice versa? What will happen when PC (say 1.80 in switch1) pings PC (say 2.100 in switch1) and vice versa?
View 2 Replies
Aug 27, 2009
I was having a discussion with someone who said that telnet, FTP, HTTP plain-text authentication in the local subnet is ok because it's a switched network. Also, that these protocols are not good over the net but in a local subnet they are just fine.
I know that someone can plug a hub in the network port and connect 2 (or more) PCs and see the packets. Also, I heard about ettercap but haven't really delved into it. I know dsniff was written to prove the point that unencrypted protocols are bad. I would like to get opinions about unencrypted protocols over a switched network.
View 1 Replies
Jul 4, 2011
I installed Red Hat Enterprise Linux Server 5. It has two LAN cards and two subnets connected to these two LAN cards. I can browse the network from these two networks easily. But I created a VLAN on one network card. Now I can't browse the network from this VLAN subnet.
View 3 Replies
Jan 13, 2010
Using Ubuntu and the corporate edition of OpenDNS? I'm curious to find out how the anti-malware filtering in OpenDNS works.
View 4 Replies
Jun 12, 2011
I did a recursive search using grep in a list of files for lines containing a specific word. It brought everything up ok but now I need to filter it out and print the results to a file with
* Path Name
* A section of the line
The path ends in a colon and after it could be any number of words, spaces, and punctuation, with the one phrase I need being somewhere in there. I need the phrase to be filtered out and merged with the path like this:
"path/to/file: phrase"
I'm guessing awk is the best way to do this but I don't know anything at all about awk except it specializes in filtering.
View 2 Replies
Apr 30, 2010
I pay for wifi usage. The access points are using MAC address filtering. I know this because I can spoof the MAC of another computer of mine and get it online. I'd like to get both computers online. I've been trying to do IP masquerading. It hasn't been working so far. I am not sure if the computer connected to mine through a crossover cable is revealing its MAC address to the access points when communicating. If so, how does one get around this? Ping shows connectivity between the two computers.
View 4 Replies
May 4, 2011
I have a question regarding the use of iptables as sort of a firewall I suppose? Using a linux router which has a server machine connected to it. The router is also acting as a PPTP VPN server, which I would like to allow some friends to connect to so that they can VPN to my LAN.
The question I have is how I might be able to use iptables to apply restrictions to the VPN traffic to only access 1 IP? The server is on the LAN with an IP of, let's say, 192.168.1.25, and the VPN given IP range is 192.168.1.51-55. The router has the .1 IP, but the PPTP server on that router uses an IP of 192.168.1.50. How might I restrict the traffic from the VPN connections to only be able to access the .25 server, and possibly only on certain ports? I don't want to allow the VPN connections full access to everything on the LAN and especially not to WAN.
View 1 Replies
Aug 19, 2010
I am using IWSS on RHEL-5 for web filtering and want to use Squid proxy on the same system. I can configure Squid behind IWSS.
View 1 Replies
Feb 10, 2011
How do I filter the daemons list for just 1 letter and then turn off certain run levels for that daemon?
View 2 Replies
Aug 2, 2010
I want to filter some sites on my network with Squid.
My distribution is SUSE server 11, Squid 2.7.
View 2 Replies
Feb 3, 2010
I have made linux raid array, named it md1 and it can be found under /dev/md1. I have created single partition (whole disk) of type LVM (8e) and it can be found under /dev/md1/md1p1.
When I run: pvcreate /dev/md1/md1p1
I get this message: Device /dev/md1/md1p1 not found (or ignored by filtering).
But if I run pvcreate /dev/md1
Everything went OK. I can create volume group and logical groups after that.
I haven't found anything specific on the net, except that a partition for LVM to work should be of type 8e. Does this not have to be true when we use a whole disk as a VG? Should I expect any problems since this is going to be an iSCSI target disk?
View 1 Replies
Nov 13, 2010
Is there any way to filter the output of a command based on the values in the output columns? For example, I execute du -h on a directory with many files. Now I want to filter the output based on the size (i.e. M or G or K). The filtered o/p should contain only M (megabytes) or G (gigabytes) and also all columns.
20K ./fload/temp/20000101/Pam
15K ./fload/temp/20000101/NAVEX
29K ./fload/temp/20000101/Avenge
[code]....
View 3 Replies
Feb 18, 2010
I have Slackware 13.0 on my HP 520 laptop. My machine is connected to the internet and it also acts as a gateway for another machine of mine.
I want to use the MAC filtering options of iptables. But I am getting the following error:
iptables v1.4.3.2: Couldn't load match `ac-source':/usr/libexec/xtables/libipt_ac-source.so: cannot open shared object file: No such file or directory
View 4 Replies
Aug 13, 2010
Is there some way to filter output of command by OR condition in Linux? There is filtering by AND condition with grep in way like:
ls -l | grep "^a" | grep "z$"
That says: list all files that begin with "a" AND end with "z" (so there is a shorter way to write this: grep "^a.*z$", but it does not matter). Is there some way to perform the test by OR condition? For example: files that start exactly with "xen" OR files that end exactly with ".rpm". But exactly, not something like:
grep "[xen]{0,3}.*[.rpm]{0,4}"
View 2 Replies
Aug 24, 2010
How can I filter out information about Unix Domain Sockets from netstat output without grep? Is there some option for the command? (I have not found it in the man page of netstat.)
View 2 Replies
Dec 7, 2010
I've followed the Host Based Authentication part from this page: [URL]... I cannot get it to work. When I delete the 'ldap' from the shadow line in /etc/nsswitch.conf all my LDAP users cannot log in. Yes, I've uploaded the ldapns.schema, activated hostObject and added the machine name to the host attribute of my test LDAP users. I get this error from /etc/auth.log: sshd[3979]: pam_ldap: ldap_initialize Bad parameter to an ldap routine
[Code]...
View 3 Replies
Apr 19, 2011
I have a Dell Inspiron 600m with Xubuntu 10.10 installed. I have it as a kids' computer, so I installed web content filtering (dansguardian) and I installed simple module for admin. dansguardian's control files (libdansguardian-perl). I installed both from the USC. But I can't find where I can adjust the settings, and on the web DansG is not filtering. How do I find the GUI part of it?
View 3 Replies
Jun 9, 2011
I am trying to block inappropriate sites on my Ubuntu 11.04 with OpenDNS. I installed it and, in addition to the categories I checked, I also added some sites to the always block list; everything according to the site should work. But the problem is that nothing is blocked (including the sites in the always block list). I cleared the browser's cache but it didn't help. When I try to clear the local cache with the command provided on their site, I think it says it ignored my network.
About Firefox, I want to block images only on Facebook automatically, so I added [URL] to the always block list in the images category and it should work, but it just won't block the images. I should note that I use the same method on Chrome and there it works like a charm. How do I get that working on Firefox?
View 9 Replies
Jan 28, 2011
I'm trying to capture traffic between two machines, A and B. I would like to make sure that the traffic I capture with tcpdump is between eth1 on the local machine and eth0 on the remote machine. As I understand it, the -i flag specifies the local machine interface - but how to set the remote one?
View 3 Replies
Feb 8, 2010
I am manually capturing and injecting Ethernet traffic (using lib_net/lib_pcap libraries) for an application. At the moment, both capturing and injecting are done on the same physical interface (e.g. eth0). The problem is that all the traffic that I inject is captured again by my application, causing an unwanted feedback of injected traffic. This meant that I had to implement traffic filtering when capturing traffic, which is consuming resources and eventually will become too complicated to support.
I have tried using virtual interfaces to separate the capturing and injecting streams, but that also presented the same problem as all the traffic from eth0 is forwarded to both eth0:1 and eth0:2. If possible I would like both streams to go through 1 physical device, using more PDs will be the last resort. I am also looking at using TUN/TAP devices to try and separate the two streams, maybe writing a user-space program that lies between the physical device and the TUN/TAP devices to do the routing of traffic.
View 1 Replies
Jun 2, 2010
I need to implement a form of filtering. Current topology is like so:
Internet -> Smoothwall -> MS Exchange server (w/ OWA) -> Clients
So I need to enable transparent spam filtering on the smoothwall system, which is a full fledged Linux system. There are no 'free' modules available for smoothwall that enable spam filtering. And due to the monetary constraints of the project I'm working on, something free is required.
I don't have any experience with this - I've done a couple of searches and came up with "SpamAssassin", but I can't find any relevant guides that allow transparent scanning - they all assume the mail is stored on THAT server.
So I'm here to ask the more experienced people what sort of packages will enable this functionality? Would like something that has a WebUI, but that's not absolutely necessary.
View 4 Replies
Apr 11, 2011
I am trying to filter out attachment emails using procmail. I have tried this:
Code:
#Config:
SHELL=/bin/sh
PATH=/bin:/usr/bin:/usr/bin
MAILDIR="/var/mail/root"
LOGFILE=/var/log/procmail.log
LOGABSTRACT=ALL
VERBOSE=ON
:0
*^Content-Transfer-Encoding: base64$ {
| echo $LASTFOLDER }
As you can probably guess, this line "Content-Transfer-Encoding: base64" appears when emails come with attachments, but the result of this filter is:
Code:
procmail: No match on "^Content-Transfer-Encoding: base64"
procmail: Skipped "| echo $LASTFOLDER"
procmail: Assigning "echo"
procmail: Skipped "| $LASTFOLDER"
procmail: Assigning "LASTFOLDER=/var/mail/root/msg.OFT"
procmail: Opening "/var/mail/root/msg.OFT"
procmail: Acquiring kernel-lock
procmail: Notified comsat: "root@0:/var/mail/root/msg.OFT"
From root Mon Apr 11 01:23:37 2011
Subject:
Folder: /var/mail/root/msg.OFT 26051
The result showed as if there was no match. Furthermore, the bash code that I am trying to run:
echo "$LASTFOLDER" seemed not to be run as bash? And does anyone know how I can test my procmail filter on some testing platform sandbox so I don't have to send a bunch of emails every time I change the file and waste time and disk space testing new filters?
View 7 Replies