These classnotes are depreciated. As of 2005, I no longer teach the classes. Notes will remain online for legacy purposes

UNIX03/Overview Of Firewall System

Classnotes | UNIX03 | RecentChanges | Preferences

No diff available--this is the first major revision. (no other diffs)
This Adaptive Firewall system involves a number of simple parts and the usage of both IP Tables and TCP Wrappers.

First, the /etc/hosts.allow file is configured to allow or deny various services to specified hosts, IPs, or domains. The Adaptive Firewall relies on TCP Wrappers' capability that allows a system administrator to specify one ore more shell commands when denying a given service.

The Adaptive Firewall takes advantage of this to invoke a shell script called blockip (which is provided on the CD-ROM that accompanies the book). blockip will adapt the firewall in real time to stop a cracker's IP from accessing any service, will send e-mail to the System Administrators, and will page them as well, if desired. It sends different mail depending on whether the attacker is new or a return vistor (and still being blocked). blockip also has various "bells and whistles" than can be used to produce auditory or visual indicators than an attack is underway.

blockip then writes the new rules to a startup script which can be used to restore them at next boot.



Classnotes | UNIX03 | RecentChanges | Preferences
This page is read-only | View other revisions
Last edited June 21, 2003 3:39 am (diff)
Search:
(C) Copyright 2003 Samuel Hart
Creative Commons License
This work is licensed under a Creative Commons License.