Installing IPSET, TARPIT, etc. on Squeeze

# aptitude update && aptitude install module-assistant xtables-addons-source
# m-a prepare
# m-a auto-install xtables-addons-source
# depmod -a

New targets for iptables:

  • CHAOS: randomly use REJECT, DELUDE or TARPIT targets.
    This will fool network scanners by returning random results
  • DELUDE: always reply to a SYN with a SYN-ACK. This will fool TCP half-open discovery
  • DHCPADDR: replace a MAC address from and to a VMware host
  • IPMARK: mark a packet, based on its IP address
  • LOGMARK: log packet and mark to syslog
  • SYSRQ: trigger a SysRq over the network (sending a SAK over the network looks like a real funny idea)
  • TARPIT: try to slow down (or DoS) remote host by capturing the session and holding it for a long time, using a 0-bytes TCP window. Run that on port 25 if you have no mail server to slow down spammers 😉
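
The port 25 tarpit mentioned above, as an added example that is not part of the original post: these functions print an iptables-restore ruleset that pairs TARPIT with a NOTRACK rule in the raw table, so that held connections do not each take a conntrack entry, and check that the modules built by module-assistant are installed. The function names are hypothetical, and the module names xt_TARPIT, xt_DELUDE and xt_CHAOS in the usage comment are assumed to be the ones the build produced.

```sh
#!/bin/sh
# Added example: generate (not apply) a tarpit ruleset for one TCP port.

# Accept only a decimal TCP port in the range 1-65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print an iptables-restore ruleset for the given port.
# raw/PREROUTING NOTRACK keeps tarpitted connections out of conntrack;
# filter/INPUT TARPIT then holds them open with a zero-byte window.
tarpit_ruleset() {
    port=$1
    valid_port "$port" || { echo "bad port: $port" >&2; return 1; }
    cat <<EOF
*raw
-A PREROUTING -p tcp --dport $port -j NOTRACK
COMMIT
*filter
-A INPUT -p tcp --dport $port -j TARPIT
COMMIT
EOF
}

# Succeed only if every named module is installed for the running kernel.
# modinfo only reads the module file; nothing is loaded.
addons_built() {
    for m in "$@"; do
        modinfo "$m" >/dev/null 2>&1 || { echo "missing: $m" >&2; return 1; }
    done
}

# Usage (as root, on a host with no mail server listening on port 25):
#   addons_built xt_TARPIT xt_DELUDE xt_CHAOS
#   tarpit_ruleset 25 | iptables-restore --noflush
```

Without `--noflush`, iptables-restore replaces the existing contents of the raw and filter tables. The rules are appended, so an earlier ACCEPT or DROP rule in INPUT that matches the port takes precedence over the TARPIT rule.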

New matches for iptables:

  • condition: match on boolean value stored in /proc/net/nf_condition/name
  • dhcpaddr: match the DHCP Client Host address in a DHCP message
  • fuzzy: match a rate limit based on a fuzzy logic controller
  • geoip: match a packet by its source or destination country
  • ipp2p: match (certain) p2p protocols
  • quota2: named counters
  • pknock: port knock
  • ... and others.

I have built it on my own machine, but have not gotten around to putting it to work yet.

