Linux Firewalls: Attack Detection and Response with iptables, psad, and fwsnort

Index


file (log) [See logging]

File Transfer Protocol [See FTP]

filesystem integrity 2nd 3rd

    AIDE (Advanced Intrusion Detection Environment)

         check types 2nd 3rd

         configuration files 2nd 3rd 4th

         database updates 2nd

         initialization

         installation

         macros 2nd

         monitoring filesystems with 2nd 3rd

         reports, customizing 2nd 3rd

         scheduling to run automatically

         verbose output

     checksums

     definition of

     GrSec

     intrusion detection 2nd

     Tripwire

filter table 2nd 3rd 4th

     addrtype filter table match extensions 2nd

     dstlimit filter table match extensions 2nd

     filter table target extensions

     icmp filter table match operator 2nd

     iprange filter table match

     iptables 2nd

     length filter table match

     limit filter table match extensions 2nd

    listing formats

         iptables -n -L INPUT 2nd

         iptables -v -L INPUT 2nd

         iptables -L INPUT 2nd 3rd

     mac filter table match extensions

     mark filter table match extensions

     match operations 2nd

     multiport filter table match extensions 2nd 3rd 4th

     operations on entire chains

     operations on rules

     owner filter table match extensions 2nd

     state filter table match extensions 2nd 3rd 4th 5th

     target extensions

     tcp filter table match operations

     tos filter table match extensions 2nd

     udp filter table match operations

     ULOG table target extensions 2nd

     unclean filter table match extensions 2nd

filtering

     AUTH requests 2nd 3rd [See also denial-of-service attacks]

     FTP

     ICMP control messages

     incoming packets 2nd 3rd 4th 5th 6th

         chains

         default policies 2nd 3rd

         general port scans

         incoming TCP connection-state filtering

         iptables 2nd

         local destination address filtering

         local destination port filtering

         port scans 2nd

         remote source address filtering 2nd 3rd 4th

         remote source port filtering

         source-routed packets

         stealth scans

         targeted port scans 2nd 3rd

     outgoing packets

         local source address filtering

         local source port filtering

         outgoing TCP connection-state filtering

         remote destination address filtering 2nd

         remote destination port filtering

     rp_filter

FIN flag

firewall log messages

     duplicating

     TCP example 2nd

     UDP example 2nd

firewall rules [See rules]

first matching rule wins

flags

     ACK

     TCP state flags 2nd 3rd

flooding

     ping flooding

     TCP SYN flooding 2nd 3rd

     UDP flooding

FORWARD chain

FORWARD policy

FORWARD rules

forwarding

     converting gateway firewalls from local services

     local traffic among multiple LANs 2nd

     mail through gateways 2nd

     rule checking 2nd 3rd

fragmentation 2nd

     fragmentation bombs on incoming packets 2nd

     fragmented ICMP messages

FreeS/WAN

FTP (File Transfer Protocol) 2nd 3rd

     choke firewalls as conduits/clients to remote FTP servers

     conversations, capturing with TCPDump

    gateway firewalls

         FTP DMZ servers

         remote FTP servers 2nd

    incoming access to FTP servers

         incoming FTP requests

         passive-mode FTP data channel responses

         port mode FTP data channel responses

    outgoing access to FTP servers

         outgoing FTP requests over control channels

         passive-mode FTP data channels 2nd

         port-mode FTP data channels

     packet-filtering

     port mode

     protocols

     TFTP

fuser
