Is Linux kernel 2.6 protected against these DoS attacks? - Security


  1. Is Linux kernel 2.6 protected against these DoS attacks?

    Hi,

    I'm kind of new to the security business, and I need a bit of help.

    A) I'm trying to find out if Linux 2.6 is protected against these
    Denial of Service attacks:

    1. TCP SYN attack (SYN FLOOD)
    2. LAND AND LATIERRA ATTACKS
    3. MAL FRAGMENTED PACKETS, TEARDROP, OVERLAP
    4. JOLT2

    I've heard that 2.6 should be protected against those, but I can't
    seem to find any official notes about it.

    B) Where can I find a tool for testing these?

    Thanks,
    Erez.


  2. Re: Is Linux kernel 2.6 protected against these DoS attacks?

    > A) I'm trying to find out if Linux 2.6 is protected against these
    > Denial of Service attacks:
    >
    > 1. TCP SYN attack (SYN FLOOD)
    > 2. LAND AND LATIERRA ATTACKS
    > 3. MAL FRAGMENTED PACKETS, TEARDROP, OVERLAP
    > 4. JOLT2
    >
    > I've heard that 2.6 should be protected against those, but I can't
    > seem to find any official notes about it.
    >


    The reason you can't find notes about it is because it's not really
    up to the kernel itself. I compile custom kernels on all my systems,
    which use only the things I need, and, depending on the option, I
    compile it as a module if it's unnecessary, maximizing uptime as well
    as keeping out any unnecessary items that may or may not be exploited.

    In your kernel configuration for 2.6, you've got all sorts of options
    under the IP Filter section. I usually select the ones I use on a
    normal basis, and load them as modules. Then, as you configure your
    firewall (I do it by hand), make sure you use the modules you've
    compiled into the kernel, and add the rules that will be best to defend
    against those attacks (think packet STATE filtering for the most part
    with DoS attacks...)


    > B) Where can I find a tool for testing these?
    >


    I use a variety of tools for pen testing, including my own suite I
    developed with Python, wxPython, and the Python Twisted libraries.
    Some that you should take a look at are nmap (port scanning), ettercap
    (packet filtering), ethereal (packet filtering), metasploit
    (application pentesting), nc (the swiss army knife)...


    Thanks,

    Paul
    http://eventuallyanyway.com
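
As an added example (not part of either post): a small shell audit that checks an `iptables-save` dump for the packet state filtering rules the reply recommends. Both rulesets are constructed samples, the function names are this example's own, and the four checks are one reasonable baseline rather than an official list.

```shell
#!/bin/sh
# Added example: audit an iptables-save dump for stateful-filtering rules.
# WEAK_RULES and STATEFUL_RULES are constructed samples, not real captures.
WEAK_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'

STATEFUL_RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
COMMIT'

# has_rule RULESET REGEX: succeed if any ruleset line matches the extended regex.
has_rule() {
    printf '%s\n' "$1" | grep -Eq -- "$2"
}

# report TEXT: print one finding and bump the global counter.
report() { echo "MISSING: $1"; findings=$((findings + 1)); }

# audit_ruleset RULESET: print one line per missing control and return
# the number of findings as the exit status (0 means every check passed).
audit_ruleset() {
    findings=0
    has_rule "$1" '^:INPUT DROP ' \
        || report "default-deny policy on INPUT"
    has_rule "$1" '^-A INPUT .*--(ct)?state [A-Z,]*INVALID.* -j DROP' \
        || report "drop of packets the state tracker marks INVALID"
    has_rule "$1" '^-A INPUT .*--(ct)?state [A-Z,]*ESTABLISHED.* -j ACCEPT' \
        || report "accept for ESTABLISHED traffic"
    has_rule "$1" '^-A INPUT .*-p tcp .*! (--syn|--tcp-flags [A-Z,]+ SYN) .*--(ct)?state NEW.* -j DROP' \
        || report "drop of NEW TCP packets that are not a SYN"
    return "$findings"
}

rc=0; audit_ruleset "$WEAK_RULES" || rc=$?
echo "weak ruleset findings: $rc"
rc=0; audit_ruleset "$STATEFUL_RULES" || rc=$?
echo "stateful ruleset findings: $rc"
```

On a live host, the same function can be fed the output of `iptables-save` instead of the embedded samples.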

