Linux Firewalls: Attack Detection and Response with iptables, psad, and fwsnort

Index

[SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [X] [Z]

capturing

     FTP conversations

     HTTP conversations 2nd 3rd 4th 5th 6th

     ICMP pings

     SMTP conversations 2nd

     SSH conversations

CERT, reporting incidents to

chains [See also user-defined chains]

     chain commands on rules

     installing 2nd 3rd 4th

     POSTROUTING

     PREROUTING

channels

     passive-mode FTP data channels 2nd 3rd

     port-mode FTP data channels 2nd

chargen services

check types (AIDE) 2nd 3rd

checking

     forwarding rules 2nd 3rd

     input rules 2nd

     open ports 2nd

         fuser

         netstat 2nd 3rd

         nmap

         strobe 2nd

     output rules 2nd 3rd

     processes bound to particular ports

checksums

Chkrootkit 2nd

     downloading

     limitations 2nd

     responding to infections 2nd

     running 2nd

     security 2nd

     system binaries 2nd

     when to use

choke firewalls

     conduits/clients to remote FTP servers

     constants

     default policies

     DMZ configurations as private name servers 2nd

     email

         IMAP clients

         POP clients

     enabling loopback interfaces

     forwarders and web clients

     local DHCP servers 2nd

     NNTP client DMZ configurations

     preexisting rules, removing

     public web servers

     sample iptables choke firewall (code listing) 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th 12th

     setting stage for 2nd

     SMTP client configurations

     SSH configuration

CIDR (Classless Inter Domain Routing)

Class A addresses 2nd

Class B addresses

Class C addresses

Class D addresses

Class E addresses

Classless Inter Domain Routing (CIDR)

classless subnetting

clients

     AUTH clients

     DNS lookups 2nd

     outgoing client access to remote FTP servers

         outgoing FTP requests over control channels

         passive-mode FTP data channels 2nd

         port-mode FTP data channels

     remote clients

         email 2nd

         hosting Usenet news servers for 2nd

         remote site access

         SSH server access

colon (:)

commands [See specific command names]

compiling kernel 2nd 3rd 4th 5th 6th 7th 8th 9th

compromised systems [See intrusion detection]

config option (make command)

configuration

     AIDE (Advanced Intrusion Detection Environment) 2nd 3rd 4th

     choke NNTP client DMZ

     choke SMTP clients

     choke SSH

     gateway NNTP conduit

     gateway SSH

     GrSecurity (Greater Security)

         ACL options

         address space protection

         executable protections

         filesystem protections

         kernel auditing

         logging options

         network protections

         PaX Control

         security levels

         Sysctl support

     internal LANs 2nd

     intrusion detection

     large or less trusted LANs 2nd

         selective internal access

         subnetting to create multiple networks 2nd 3rd

     multiple LANs 2nd 3rd 4th 5th

     Server DMZ

     Snort 2nd

     syslog 2nd 3rd 4th

     trusted home LANs 2nd

         LAN access to gateway firewalls

         LAN access to other LANs 2nd

     VPNs

         network connections

         roaming users 2nd

connection state 2nd

connection-oriented protocols 2nd

connection-tracking chain 2nd 3rd

connectionless protocols 2nd

constants 2nd

     private choke firewalls

     symbolic constants used in firewall examples

control channels

control messages (ICMP) 2nd 3rd

conversations, capturing with TCPDump

     DNS queries

     FTP

     HTTP 2nd 3rd 4th 5th 6th

     pings

     SMTP 2nd

     SSH

converting gateway firewalls from local services to forwarding

Cricket

custom kernels

customizing AIDE (Advanced Intrusion Detection Environment) reports 2nd 3rd
