Linux Firewalls: Attack Detection and Response with iptables, psad, and fwsnort

Index


packet filtering [See filtering]

packet routing

packet traversal

     IPFW

     NAT

     Netfilter 2nd

packets

     dropped packets, logging 2nd 3rd 4th 5th 6th 7th [See also filtering]

    incoming packets

         iptables

         limiting to selected remote sites

         probes

         scans 2nd 3rd 4th 5th 6th

     IPFW packet traversal

     matching packets 2nd

     multicast network packets, dropping

     multicast packets

     NAT packet traversal

     rejecting versus denying

Parameter Problem messages 2nd

passive-mode FTP data channels 2nd 3rd

patching kernel 2nd

PaX Control (GrSec)

penetration testing

     Hping2

     Nessus

     Nikto 2nd

     Nmap 2nd

persistence (objects)

Physical layer (OSI model)

ping

     capturing with TCPDump

     Echo Request and Echo Reply messages 2nd

     ping flooding on incoming packets

     ping messages, limiting

     Ping of Death 2nd

pipe symbol (|)

Point-to-Point Tunneling Protocol [See PPTP]

policies

    default policies

         defining 2nd

         packet-filtering firewalls 2nd 3rd

         rules

     deny-everything-by-default policies

     FORWARD policy

POP (Post Office Protocol) 2nd 3rd

    email

         retrieving 2nd

         sending 2nd

     POP servers for remote clients

PoPToP

port mode (FTP)

port type qualifiers (TCPDump)

port-mode FTP data channels 2nd

ports

     numbers

     open ports, checking for

         fuser

         netstat 2nd 3rd

         nmap

         strobe 2nd

     processes bound to particular ports, checking

     redirection 2nd

    scans

         problems with

         responding to 2nd

     selective internal access

     service ports 2nd 3rd

     unprivileged ports

Post Office Protocol [See POP]

posting news (Usenet)

postmaster, reporting incidents to

POSTROUTING chain

     mangle table

     nat table

POSTROUTING rules

PPTP (Point-to-Point Tunneling Protocol)

     PoPToP

     security

preexisting rules

     removing 2nd

     removing from choke firewalls

PREROUTING chain

     mangle table

     nat table

Presentation layer (OSI model)

primitives (TCPDump)

private network services 2nd

probes

problem sites, blocking 2nd 3rd

protocol qualifiers (TCPDump)

proxying, transparent 2nd

PSH flag

public gateway firewalls 2nd

public network services 2nd
