
Securing-Optimizing-RH-Linux-1_2_48
Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca © Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ®

A "SYN Attack" is a denial of service (DoS) attack that consumes all the resources on your machine, forcing you to reboot. Denial of service attacks (attacks which incapacitate a server due to high traffic volume, or ones that tie up enough system resources that the server cannot respond to a legitimate connection request from a remote system) are easily achievable from internal resources or from external connections via extranets and the Internet. To enable SYN cookie protection, run:

  [root@deep /]# echo 1 > /proc/sys/net/ipv4/tcp_syncookies

Add the above command to the “/etc/rc.d/rc.local” script file and you will not have to type it again the next time you reboot your system. If you intend to install the IPCHAINS firewall rules described in this book (see chapter 7, Networking Firewall), you don’t need to run this command, since it already appears in the firewall script file.

NOTE: If you receive an error message during execution of the above command, check that you have enabled the TCP syncookie option in your kernel configuration: IP: TCP syncookie support (not enabled per default) (CONFIG_SYN_COOKIES) [Y/n/?].

19. The “/etc/services” file

The port numbers on which certain "standard" services are offered are defined in RFC 1700, "Assigned Numbers". The "/etc/services" file enables server and client programs to convert service names to these numbers (ports); the list is kept on each host in the file "/etc/services". Only the "root" user is allowed to modify this file, and it is rare to edit "/etc/services", since it already contains the mappings for the more common service names to port numbers. To improve security we can immunize this file to prevent unauthorized deletion or addition of services.
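The SYN cookie step above is easy to get wrong in two ways: the /proc entry is absent when the kernel was built without CONFIG_SYN_COOKIES, and re-running an install script appends the echo line to rc.local more than once. The script below is an added example written for this page, not the book's own code; it checks the kernel setting, the kernel build configuration, and persists the command idempotently. Every function takes the file it operates on as an argument (defaulting to the real path), so the checks can be tried on constructed files without root. The /boot/config-$(uname -r) location for the kernel .config is an assumption about the installed kernel package, not something the book states.

```shell
#!/bin/sh
# Added example (not from the book): check and persist the SYN cookie setting.

# Print "enabled" if the given tcp_syncookies control file contains 1,
# "disabled" if it contains 0, "missing" if the file is absent. A missing
# file usually means CONFIG_SYN_COOKIES was not built into the kernel,
# which is the cause of the error the NOTE above refers to.
syncookies_status() {
    f="${1:-/proc/sys/net/ipv4/tcp_syncookies}"
    if [ ! -r "$f" ]; then
        echo "missing"
        return 1
    fi
    case "$(cat "$f")" in
        1) echo "enabled" ;;
        0) echo "disabled" ;;
        *) echo "unknown" ;;
    esac
}

# Exit 0 if a kernel .config has CONFIG_SYN_COOKIES=y. The default path is
# an assumption (kernel packages often install it under /boot); pass the
# path explicitly when it lives elsewhere, e.g. /usr/src/linux/.config.
kernel_has_syncookies() {
    cfg="${1:-/boot/config-$(uname -r)}"
    grep -qx 'CONFIG_SYN_COOKIES=y' "$cfg" 2>/dev/null
}

# Append the enabling command to an rc.local-style script exactly once,
# so repeating this step does not pile up duplicate lines. Prints the
# number of copies now present in the file (should be 1).
persist_syncookies() {
    rc="${1:-/etc/rc.d/rc.local}"
    line='echo 1 > /proc/sys/net/ipv4/tcp_syncookies'
    if ! grep -qxF "$line" "$rc" 2>/dev/null; then
        printf '%s\n' "$line" >> "$rc"
    fi
    grep -cxF "$line" "$rc"
}

# Stand-alone use as root: ./syncookies.sh --apply
# enables the setting now, persists it, and reports the resulting status.
if [ "${1:-}" = "--apply" ]; then
    echo 1 > /proc/sys/net/ipv4/tcp_syncookies
    persist_syncookies >/dev/null
    syncookies_status
fi
```

Run `syncookies_status` after a reboot to confirm the rc.local line actually took effect; if it prints "missing", check the kernel configuration with `kernel_has_syncookies` before looking anywhere else.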
· To immunize the “/etc/services” file, use the command:

  [root@deep /]# chattr +i /etc/services

20. The “/etc/securetty” file

The “/etc/securetty” file allows you to specify which TTY devices the “root” user is allowed to log in on. The “/etc/securetty” file is read by the login program (usually “/bin/login”). Its format is a list of the tty device names allowed; on all other ttys, those commented out or not appearing in this file, root login is disallowed. Disable any tty that you do not need by commenting it out (# at the beginning of the line).

Edit the securetty file (vi /etc/securetty) and comment out the following lines:

  tty1
  #tty2
  #tty3
  #tty4
  #tty5
  #tty6
  #tty7
  #tty8

This means root is only allowed to log in on tty1. This is my recommendation: allow “root” to log in on only one tty device and use the “su” command to switch to “root” if you need more tty devices to work as “root”.
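Section 19 describes what "/etc/services" is for without showing its line format, which is what an administrator needs to know before deciding whether a reported entry is legitimate. The script below is an added example, not the book's code: it resolves a service name (or alias) and protocol to a port number the way client programs do, and reports whether the file still carries the immutable attribute that "chattr +i" sets. The file argument defaults to /etc/services; the sample lines used to exercise it are constructed here and are not quoted from any real system.

```shell
#!/bin/sh
# Added example (not from the book): work with the /etc/services format.
#
# Each line of the file is:   name   port/protocol   [alias ...]   [# comment]
# Blank lines and lines starting with '#' are ignored.

# Print the port for NAME (official name or alias) over PROTO (tcp/udp),
# read from FILE (default /etc/services). Exit 1 if no entry matches.
service_port() {
    name="$1"; proto="$2"; file="${3:-/etc/services}"
    awk -v name="$name" -v proto="$proto" '
        { sub(/#.*/, "") }               # strip trailing comments
        NF < 2 { next }                  # skip blank / comment-only lines
        {
            split($2, pp, "/")           # $2 is "port/protocol"
            if (pp[2] != proto) next
            if ($1 == name) { print pp[1]; found = 1; exit }
            for (i = 3; i <= NF; i++)    # aliases follow the port field
                if ($i == name) { print pp[1]; found = 1; exit }
        }
        END { exit found ? 0 : 1 }
    ' "$file"
}

# Report whether FILE carries the immutable attribute set by "chattr +i".
# Needs lsattr from e2fsprogs; prints "immutable" or "mutable". The first
# whitespace-separated field of lsattr output is the attribute string.
immutable_status() {
    file="${1:-/etc/services}"
    case "$(lsattr -d "$file" 2>/dev/null | cut -d' ' -f1)" in
        *i*) echo "immutable" ;;
        *)   echo "mutable" ;;
    esac
}
```

A quick way to audit a host after this step is to run `immutable_status /etc/services` and to compare `service_port` results for the services you actually run against the ports your daemons are bound to; an entry that resolves to an unexpected port is worth investigating.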
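Editing "/etc/securetty" by hand works for a handful of lines, but the edit is easy to get wrong on a file with many console and serial entries, and it is worth verifying the result the way the login program reads it. The script below is an added example for this page, not the book's code: it comments out every uncommented entry except the one tty you keep, saves a backup first, and answers the question login asks, namely whether a given tty name appears as an uncommented line. The file argument defaults to /etc/securetty; the sample file it is tested against is constructed.

```shell
#!/bin/sh
# Added example (not from the book): restrict root logins via /etc/securetty.

# Comment out every uncommented line in FILE except KEEP (default tty1).
# A backup is written to FILE.bak before editing, since a mistake here can
# lock root out of every console.
restrict_root_ttys() {
    file="${1:-/etc/securetty}"; keep="${2:-tty1}"
    cp -p "$file" "$file.bak"
    # sed: on every line that is not exactly KEEP, prefix a non-'#' first
    # character with '#'. Already-commented and blank lines are untouched.
    sed -e "/^${keep}\$/!s/^[^#]/#&/" "$file.bak" > "$file"
}

# Exit 0 if root is allowed to log in on TTY according to FILE, 1 otherwise:
# the name must appear as a whole, uncommented line.
root_login_allowed() {
    tty="$1"; file="${2:-/etc/securetty}"
    grep -qx "$tty" "$file"
}

# List the ttys on which root may still log in (uncommented, non-blank lines).
allowed_root_ttys() {
    file="${1:-/etc/securetty}"
    grep -v '^#' "$file" | grep -v '^[[:space:]]*$'
}
```

After running `restrict_root_ttys` on the real file, check `allowed_root_ttys` prints only tty1 before you log out of your current session; if the list is empty the backup in /etc/securetty.bak restores the previous state.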