[Linux ebook] Linux Firewalls, 334-page original English edition, for learning Linux firewall techniques
Resource description / contents / screenshots

Contents at a glance

Acknowledgments
Foreword by Richard Bejtlich
Introduction
Chapter 1: Care and Feeding of iptables
Chapter 2: Network Layer Attacks and Defense
Chapter 3: Transport Layer Attacks and Defense
Chapter 4: Application Layer Attacks and Defense
Chapter 5: Introducing psad: The Port Scan Attack Detector
Chapter 6: psad Operations: Detecting Suspicious Traffic
Chapter 7: Advanced psad Topics: From Signature Matching to OS Fingerprinting
Chapter 8: Active Response with psad
Chapter 9: Translating Snort Rules into iptables Rules
Chapter 10: Deploying fwsnort
Chapter 11: Combining psad and fwsnort
Chapter 12: Port Knocking vs. Single Packet Authorization
Chapter 13: Introducing fwknop
Chapter 14: Visualizing iptables Logs
Appendix A: Attack Spoofing
Appendix B: A Complete fwsnort Script
Index

Detailed contents (the excerpt ends at Chapter 4)

Introduction
  Why Detect Attacks with iptables?
    What About Dedicated Network Intrusion Detection Systems?
    Defense in Depth
  Prerequisites
  Technical References
  About the Website
  Chapter Summaries

1 Care and Feeding of iptables
  iptables
  Packet Filtering with iptables
    Tables
    Chains
    Matches
    Targets
  Installing iptables
  Kernel Configuration
    Essential Netfilter Compilation Options
    Finishing the Kernel Configuration
    Loadable Kernel Modules vs. Built-in Compilation and Security
  Security and Minimal Compilation
  Kernel Compilation and Installation
  Installing the iptables Userland Binaries
  Default iptables Policy
    Policy Requirements
    iptables.sh Script Preamble
    The INPUT Chain
    The OUTPUT Chain
    The FORWARD Chain
    Network Address Translation
    Activating the Policy
    iptables-save and iptables-restore
    Testing the Policy: TCP
    Testing the Policy: UDP
    Testing the Policy: ICMP
  Concluding Thoughts

2 Network Layer Attacks and Defense
  Logging Network Layer Headers with iptables
    Logging the IP Header
  Network Layer Attack Definitions
  Abusing the Network Layer
    Nmap ICMP Ping
    IP Spoofing
    IP Fragmentation
    Low TTL Values
    The Smurf Attack
    DDoS Attacks
    Linux Kernel IGMP Attack
  Network Layer Responses
    Network Layer Filtering Response
    Network Layer Thresholding Response
    Combining Responses Across Layers

3 Transport Layer Attacks and Defense
  Logging Transport Layer Headers with iptables
    Logging the TCP Header
    Logging the UDP Header
  Transport Layer Attack Definitions
  Abusing the Transport Layer
    Port Scans
    Port Sweeps
    TCP Sequence Prediction Attacks
    SYN Floods
  Transport Layer Responses
    TCP Responses
    UDP Responses
    Firewall Rules and Router ACLs

4 Application Layer Attacks and Defense
  Application Layer String Matching with iptables
    Observing the String Match Extension in Action
    Matching Non-Printable Application Layer Data
  Application Layer Attack Definitions
  Abusing the Application Layer
    Snort Signatures
    Buffer Overflow Exploits
    SQL Injection Attacks
    Gray Matter Hacking
  Encryption and Application Encodings
  Application Layer Responses
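The Chapter 1 outline above (default policy for the INPUT, OUTPUT and FORWARD chains, NAT, activation via iptables-save/iptables-restore) together with the Chapter 2 and 4 topics (logging IP/TCP header options, string matching on printable and non-printable payload) describe one concrete artifact: a default-deny ruleset that logs what it drops. The script below is an added example written for this page, not code from the book or from the forum post. It generates such a ruleset in iptables-restore format, lints the text before anything touches the kernel, and applies it only when explicitly asked. Interface names (eth0/eth1), the ports offered, and the eight-byte 0x90 "NOP sled" hex pattern are illustrative assumptions; it uses the conntrack match rather than the older state match, and it assumes a kernel with the string and conntrack match modules available.

```shell
#!/bin/sh
# Added example (not from the book or the post): build a default-deny iptables
# policy in iptables-restore format, lint it, and apply it only on request.
# Interface names and ports are placeholders; override them via the environment.
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
SSH_PORT="${SSH_PORT:-22}"
WEB_PORT="${WEB_PORT:-80}"

# Emit the ruleset. Order matters: the string-match LOG rules sit before the
# ESTABLISHED,RELATED accept; placed after it, payload inside existing
# connections would be accepted first and never inspected.
gen_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# Loopback first; INVALID packets are logged with header options, then dropped.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j LOG --log-prefix "DROP INVALID " --log-ip-options --log-tcp-options
-A INPUT -m conntrack --ctstate INVALID -j DROP
# Application-layer inspection: a printable string and a non-printable hex pattern (assumed, illustrative).
-A INPUT -p tcp --dport $WEB_PORT -m string --string "/etc/passwd" --algo bm -j LOG --log-prefix "WEB /etc/passwd "
-A INPUT -p tcp -m string --hex-string "|90 90 90 90 90 90 90 90|" --algo bm -j LOG --log-prefix "NOP SLED "
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Offered services: only a SYN that opens a NEW connection.
-A INPUT -i $WAN_IF -p tcp -m multiport --dports $SSH_PORT,$WEB_PORT --syn -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -i $WAN_IF -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
# Everything else arriving on the WAN interface is logged, then dropped.
-A INPUT -i $WAN_IF -j LOG --log-prefix "DROP " --log-ip-options --log-tcp-options
-A INPUT -i $WAN_IF -j DROP
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate INVALID -j LOG --log-prefix "DROP INVALID " --log-ip-options --log-tcp-options
-A OUTPUT -m conntrack --ctstate INVALID -j DROP
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -p tcp -m multiport --dports 22,53,80,443 --syn -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
-A OUTPUT -o $WAN_IF -j LOG --log-prefix "DROP " --log-ip-options --log-tcp-options
-A OUTPUT -o $WAN_IF -j DROP
# FORWARD: the LAN may open outbound connections; replies come back; nothing else.
-A FORWARD -m conntrack --ctstate INVALID -j LOG --log-prefix "DROP INVALID " --log-ip-options --log-tcp-options
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -j LOG --log-prefix "DROP " --log-ip-options --log-tcp-options
-A FORWARD -j DROP
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $WAN_IF -j MASQUERADE
COMMIT
EOF
}

# Number of rules appended to a chain, e.g. count_rules INPUT
count_rules() { gen_ruleset | grep -c "^-A $1 "; }

# Sanity-check the text before touching the kernel: every -A must name a chain
# declared in the current table, and every table must be closed with COMMIT.
lint_ruleset() {
    gen_ruleset | awk '
        BEGIN { bad = 0; open = 0 }
        /^\*/      { split("", chains); open = 1 }
        /^:/       { sub(/^:/, ""); chains[$1] = 1 }
        /^-A /     { if (!($2 in chains)) { print "undeclared chain: " $2; bad = 1 } }
        /^COMMIT$/ { open = 0 }
        END { if (open) { print "table not closed with COMMIT"; bad = 1 }; exit bad }'
}

# iptables-restore swaps the whole ruleset in atomically, so there is no window
# with a half-loaded policy; it needs root and a netfilter-capable kernel.
apply_ruleset() { lint_ruleset && gen_ruleset | iptables-restore; }

case "${1:-}" in
    apply) apply_ruleset ;;
    lint)  lint_ruleset ;;
    *)     gen_ruleset ;;
esac
```

Run it with no argument to print the ruleset, `lint` to check it, and `apply` (as root) to load it; on an iptables build that supports it, `./iptables.sh | iptables-restore --test` is a further check that parses the rules without installing them. The log prefixes are what psad-style tools key on, and `--log-ip-options`/`--log-tcp-options` are what make the IP and TCP header details available in the log line in the first place.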
Purchase this thread: 4 people have bought it; viewing requires paying the author 2 gold coins.
Replies posted on: 2014-3-17 21:08:40, 2014-3-28 23:18:17, 2014-4-8 14:45:48, 2016-5-15 18:44:30, 2016-5-18 00:00:28, 2016-6-12 20:41:37, 2016-6-13 22:16:52, 2016-8-26 09:26:17