Linux Firewalls: Attack Detection and Response with iptables, psad, and fwsnort

Index

[SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [X] [Z]

SAs (security associations) 2nd

scans

     incoming packets

         general port scans

         responding to port scans 2nd

         stealth scans

         targeted port scans 2nd 3rd

     service port targets 2nd

     TCP stealth scans

scheduling AIDE (Advanced Intrusion Detection Environment)

Schneier, Bruce

screened-subnet firewalls 2nd

     AUTH user identification service, filtering

     choke firewalls as local DHCP servers 2nd

     DNS 2nd 3rd

         choke DMZ configuration 2nd

         DMZ name server gateway configuration 2nd

     email

         forwarding through gateways 2nd

         retrieving as IMAP client

         retrieving as POP client

     FTP

         choke firewalls as conduits/clients to remote FTP servers

         gateway firewalls as conduits to FTP DMZ servers

         gateway firewalls as conduits to remote FTP servers 2nd

     ICMP control and status messages, filtering

     rule checking, bypassing

     source-address spoofing 2nd

     SSH

         choke SSH configuration

         gateway SSH configurations

     TCP stealth scans and TCP state flags

     Telnet 2nd

     Usenet news services

         choke NNTP client DMZ configurations

         gateway NNTP conduit and server DMZ configurations

     web services

         choke firewalls as forwarders and web clients

         gateway firewalls as conduits for local web clients

         public web servers in DMZ

         web proxies in DMZ 2nd

scripts

     iptables choke firewall 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th 12th

     iptables firewall for standalone system 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th 12th 13th 14th 15th 16th 17th 18th 19th

     optimized iptables firewall 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th 12th 13th 14th 15th 16th 17th

Secure Message Transport Protocol [See SMTP]

Secure Network Address Translation [See SNAT]

Secure Shell [See SSH]

Secure Socket Layer (SSL) 2nd

security associations (SAs) 2nd

Security Enhanced Linux (SELinux) 2nd 3rd

Security Identifiers (SIDs)

selective internal access

     by host, address range, or ports

     configuration options for internal LANs 2nd

     configuration options for multiple LANs 2nd 3rd 4th 5th

SELinux 2nd 3rd

sending email

     as SMTP clients and receiving as IMAP clients 2nd

     as SMTP clients and receiving as POP clients 2nd

     as SMTP clients and receiving as SMTP servers 2nd

     as SMTP servers and receiving as SMTP servers 2nd

service daemons, syslogd

service port targets 2nd

service ports 2nd 3rd

services 2nd 3rd [See also TCP (Transmission Control Protocol)]

     AUTH user identification service 2nd 3rd

     choosing which services to run

     network-based services 2nd 3rd

     nonsecure local services, protecting

     protecting on assigned unprivileged ports 2nd

         local TCP services 2nd 3rd

         local UDP services 2nd

     public versus private 2nd

     Usenet news services

         news servers, hosting 2nd

         NNTP 2nd 3rd 4th

         peer news feeds

         reading and posting news

Session layer (OSI model)

SIDs (Security Identifiers)

SKEME

SMTP (Secure Message Transport Protocol) 2nd

     choke configurations

     conversations, capturing with TCPDump 2nd

     email

         receiving as local SMTP servers 2nd

         relaying mail through external gateway SMTP servers 2nd

         sending as SMTP clients and receiving as IMAP clients 2nd

         sending as SMTP clients and receiving as POP clients 2nd

         sending as SMTP clients and receiving as SMTP servers 2nd

         sending as SMTP servers and receiving as SMTP servers 2nd

         sending to any external mail servers

smurf attacks 2nd

SNAT (Source Network Address Translation) 2nd 3rd 4th

     applying to LAN traffic 2nd

     MASQUERADE SNAT

     masquerading LAN traffic 2nd 3rd

     nat table target extensions 2nd

     rules

     standard SNAT 2nd

sniffers 2nd 3rd 4th

     ARPWatch 2nd 3rd 4th

     Cricket

     MRTG

     ntop

     placement of

     Snort 2nd 3rd 4th

         alerts

         configuring 2nd 3rd

         downloading

         installing 2nd

         Swatch

         testing 2nd

     switches/hubs 2nd

     TCPDump 2nd 3rd 4th

         abnormal packet activity 2nd

         command-line options 2nd

         DNS queries, capturing

         downloading

         expressions 2nd 3rd

         FTP conversations, capturing

         HTTP conversations, capturing 2nd 3rd 4th 5th 6th

         ICMP pings, capturing

         installing

         LAND attacks 2nd

         normal scan (nmap) attacks 2nd 3rd

         recording traffic with 2nd 3rd

         SMTP conversations, capturing 2nd

         Smurf attacks

         SSH conversations, capturing

         Xmas Tree attacks

Snort 2nd 3rd 4th

     alerts

     configuring 2nd 3rd

     downloading

     installing 2nd

     Swatch

     testing 2nd

sockets

source addresses

     iptables 2nd

     source address checking, bypassing

     spoofing 2nd 3rd 4th 5th 6th 7th 8th 9th

         loopback addresses

         routers

         screened-subnet firewalls 2nd

Source Network Address Translation [See SNAT]

Source Quench messages

source-address-check chain 2nd 3rd

source-routed packets

spoofing source addresses 2nd 3rd 4th 5th 6th 7th 8th 9th

     loopback addresses

     routers

     screened-subnet firewalls 2nd

squid

SSH (Secure Shell) 2nd

     choke SSH configuration

     client access to remote SSH servers 2nd

     conversations, capturing with TCPDump

     gateway SSH configurations

     login failures, monitoring 2nd

SSL (Secure Socket Layer) 2nd

standalone systems

     iptables choke firewall 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th 12th

     limitations of 2nd 3rd

     optimized iptables firewall 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th 12th 13th 14th 15th 16th 17th

     sample iptables firewall script 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th 12th 13th 14th 15th 16th 17th 18th 19th

standard DNAT

standard SNAT 2nd

starting firewalls on boot

     Debian 2nd

     Red Hat and SUSE

state filter table match extensions 2nd 3rd 4th 5th

state flags (TCP)

stateful firewalls

stateless firewalls

status messages (ICMP) 2nd

     Destination Unreachable

     echo-reply

     echo-request 2nd

     fragmented messages

     Parameter Problem

     Source Quench

     Time Exceeded 2nd

STDERR

STDIN

STDOUT 2nd

stealth scans 2nd

     incoming packets, filtering

     TCP

"Steps for Recovering from a UNIX or NT System Compromise" (paper)

Stevens, Richard

stock kernel

strobe 2nd

subjects (SELinux)

subnet masks

subnets 2nd 3rd 4th 5th 6th 7th 8th

SUSE Linux

Swatch 2nd 3rd 4th

switches 2nd

symbolic constants 2nd 3rd

     private choke firewalls

     public gateway firewalls 2nd

SYN ACK

SYN flag 2nd 3rd 4th 5th 6th 7th

Sysctl support (GrSec)

syslog 2nd 3rd 4th

syslogd 2nd 3rd 4th

system logs

     firewall log messages 2nd 3rd 4th

         duplicating

         TCP example 2nd

         UDP example 2nd

     intrusion detection 2nd

     syslog configuration 2nd 3rd 4th