HostedDB - Dedicated UNIX Servers

Securing-Optimizing-RH-Linux-1_2_122
Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca
© Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ®

    ipchains -A input  -i $EXTERNAL_INTERFACE -s 76.0.0.0/8 -j DENY -l
    ipchains -A input  -i $EXTERNAL_INTERFACE -s 77.0.0.0/8 -j DENY -l
    ipchains -A input  -i $EXTERNAL_INTERFACE -s 78.0.0.0/8 -j DENY -l
    ipchains -A input  -i $EXTERNAL_INTERFACE -s 79.0.0.0/8 -j DENY -l
    # 80: 01010000    - /4 masks 80-95
    ipchains -A input  -i $EXTERNAL_INTERFACE -s 80.0.0.0/4 -j DENY -l
    # 96: 01100000    - /4 masks 96-111
    ipchains -A input  -i $EXTERNAL_INTERFACE -s 96.0.0.0/4 -j DENY -l
    #126: 01111110    - /3 includes 127 - need 112-126 spelled out
    ipchains -A input  -i $EXTERNAL_INTERFACE -s 112.0.0.0/8 -j DENY -l
    ipchains -A input  -i $EXTERNAL_INTERFACE -s 113.0.0.0/8 -j DENY -l
    ipchains -A input  -i $EXTERNAL_INTERFACE -s 114.0.0.0/8 -j DENY -l
    ipchains -A input  -i $EXTERNAL_INTERFACE -s 115.0.0.0/8 -j DENY -l
    ipchains -A input  -i $EXTERNAL_INTERFACE -s 116.0.0.0/8 -j DENY -l
    ipchains -A input  -i $EXTERNAL_INTERFACE -s 117.0.0.0/8 -j DENY -l
    ipchains -A input  -i $EXTERNAL_INTERFACE -s 118.0.0.0/8 -j DENY -l
    ipchains -A input  -i $EXTERNAL_INTERFACE -s 119.0.0.0/8 -j DENY -l
    ipchains -A input  -i $EXTERNAL_INTERFACE -s 120.0.0.0/8 -j DENY -l
    ipchains -A input  -i $EXTERNAL_INTERFACE -s 121.0.0.0/8 -j DENY -l
    ipchains -A input  -i $EXTERNAL_INTERFACE -s 122.0.0.0/8 -j DENY -l
    ipchains -A input  -i $EXTERNAL_INTERFACE -s 123.0.0.0/8 -j DENY -l
    ipchains -A input  -i $EXTERNAL_INTERFACE -s 124.0.0.0/8 -j DENY -l
    ipchains -A input  -i $EXTERNAL_INTERFACE -s 125.0.0.0/8 -j DENY -l
    ipchains -A input  -i $EXTERNAL_INTERFACE -s 126.0.0.0/8 -j DENY -l
    #217: 11011001    - /5 includes 216 - need 217-219 spelled out
    ipchains -A input  -i $EXTERNAL_INTERFACE -s 217.0.0.0/8 -j DENY -l
    ipchains -A input  -i $EXTERNAL_INTERFACE -s 218.0.0.0/8 -j DENY -l
    ipchains -A input  -i $EXTERNAL_INTERFACE -s 219.0.0.0/8 -j DENY -l
    #223: 11011111    - /6 masks 220-223
    ipchains -A input  -i $EXTERNAL_INTERFACE -s 220.0.0.0/6 -j DENY -l

# ----------------------------------------------------------------------------
# ICMP

    #    To prevent denial of service attacks based on ICMP bombs, filter
    #    incoming Redirect (5) and outgoing Destination Unreachable (3).
    #    Note, however, disabling Destination Unreachable (3) is not
    #    advisable, as it is used to negotiate packet fragment size.

    # For bi-directional ping.
    #     Message Types:  Echo_Reply (0),  Echo_Request (8)
    #     To prevent attacks, limit the src addresses to your ISP range.
    #
    # For outgoing traceroute.
    #     Message Types:  INCOMING Dest_Unreachable (3), Time_Exceeded (11)
    #     default UDP base: 33434 to  base+nhops -1
    #
    # For incoming traceroute.
    #     Message Types:  OUTGOING Dest_Unreachable (3), Time_Exceeded (11)
    #     To block this, deny OUTGOING 3 and 11

    #  0: echo-reply (pong)
    #  3: destination-unreachable, port-unreachable, fragmentation-needed, etc.
    #  4: source-quench
    #  5: redirect
    #  8: echo-request (ping)
    # 11: time-exceeded
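
The mask comments in the reserved-address rules above choose a prefix length by hand and fall back to one rule per /8 wherever a wider mask would also match 127 or 216. As an added example (not part of the book's firewall script), the shell functions below compute the fewest N.0.0.0/LEN specs that cover a run of first octets without matching anything outside it; this goes beyond the listing, which spells the ranges out, and the names aggregate, octet_range and emit_rules are hypothetical.

```shell
#!/bin/sh
# Added example, not from the book: cover a run of first octets LOW..HIGH
# with the fewest N.0.0.0/LEN source specs that match nothing outside it.

# aggregate LOW HIGH -> one "N.0.0.0/LEN" per line
aggregate() {
    cur=$1
    high=$2
    while [ "$cur" -le "$high" ]; do
        size=128   # number of /8 blocks a /1 covers
        len=1
        # Halve the block until it starts on its own boundary at $cur
        # and does not run past $high (size 1 = a plain /8 always fits).
        while [ $(( cur % size )) -ne 0 ] || [ $(( cur + size - 1 )) -gt "$high" ]; do
            size=$(( size / 2 ))
            len=$(( len + 1 ))
        done
        echo "$cur.0.0.0/$len"
        cur=$(( cur + size ))
    done
}

# octet_range N LEN -> "LOW-HIGH": the first octets that N.0.0.0/LEN matches
octet_range() {
    size=$(( 1 << (8 - $2) ))
    low=$(( $1 & ~(size - 1) & 255 ))   # clear the unmasked bits of the octet
    echo "$low-$(( low + size - 1 ))"
}

# emit_rules LOW HIGH -> DENY rules in the form used in the listing above
emit_rules() {
    aggregate "$1" "$2" | while read -r spec; do
        # Single quotes keep $EXTERNAL_INTERFACE literal for the firewall script.
        printf 'ipchains -A input  -i $EXTERNAL_INTERFACE -s %s -j DENY -l\n' "$spec"
    done
}

emit_rules 112 126   # 4 rules instead of 15, still excluding 127
emit_rules 217 219   # 2 rules instead of 3, still excluding 216
```

octet_range reports what a hand-written spec really covers, so `octet_range 112 4` gives 112-127 and shows why a /4 at 112 was avoided. The /8 blocks in this listing were unallocated when the book was written and have since been assigned, so check the current IANA IPv4 registry before denying them on a live system.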