filter to prevent denial of service attacks
hello,

We are new to the Total Controls and have been using Portmasters. We have been searching the manuals, the Internet and the maillist archives (through google searches) but have not found the answers for some questions.

On our portmasters, we can set up firewall scripts/filters to block denial of service attacks by blocking ip traffic directly to the ip address of the portmaster on its ethernet port except for our local network, dns, and radius servers external to us.

Is there a way to do this on the Total control? If so, what exactly do we need to do to implement it?

Thank you
That might have some unexpected results. You can put filters in place. The syntax is pretty crude but you can filter on IP, ports, a combination, destination, source. Basically what you would expect. utstar has the docs on that and they are pretty complete. I think I have posted some filter configs before so if you search for filter it is likely to yield results.
Lewis Bergman wrote:
Sorry, here is an example of what we filter and is an example of the syntax.
HiPer>> show file virus.in
#filter
IP:
10 ACCEPT dst-addr=0.0.0.0;
20 REJECT tcp-dst-port=135;
30 REJECT tcp-dst-port=137;
40 REJECT tcp-dst-port=138;
50 REJECT tcp-dst-port=139;
60 REJECT tcp-dst-port=445;
70 REJECT udp-dst-port=135;
80 REJECT udp-dst-port=137;
90 REJECT udp-dst-port=138;
100 REJECT udp-dst-port=139;
110 REJECT udp-dst-port=445;
120 REJECT tcp-src-port=135;
130 REJECT tcp-src-port=137;
140 REJECT tcp-src-port=138;
150 REJECT tcp-src-port=139;
160 REJECT tcp-src-port=445;
170 REJECT udp-src-port=135;
180 REJECT udp-src-port=137;
190 REJECT udp-src-port=138;
200 REJECT udp-src-port=139;
210 REJECT udp-src-port=445;
Interesting, what does the first 0.0.0.0 do?
nabil@nccom.com wrote:
Interesting, what does the first 0.0.0.0 do?
Accepts traffic from the internet.
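As an added illustration (not code from the thread, the utstar docs or the HiperARC firmware), a small Python checker that parses the virus.in listing quoted above and walks a sample packet through it. It assumes first-match evaluation and, following the answer above, treats dst-addr=0.0.0.0 as matching any destination; neither is documented on this page, so confirm both against the HiperARC filter docs before relying on the result.

```python
import re
# Constructed excerpt of the virus.in listing quoted in the thread.
FILTER_TEXT = """#filter
IP:
10 ACCEPT dst-addr=0.0.0.0;
20 REJECT tcp-dst-port=135;
60 REJECT tcp-dst-port=445;
70 REJECT udp-dst-port=135;
120 REJECT tcp-src-port=135;
"""
RULE_RE = re.compile(r"^\s*(\d+)\s+(ACCEPT|REJECT)\s+([\w-]+)=([\w.]+);\s*$")

def parse_filter(text):
    """Return [(seq, action, key, value)] for the rules under 'IP:', in seq order."""
    rules, in_ip = [], False
    for line in text.splitlines():
        if line.strip() == "IP:":
            in_ip = True
            continue
        m = RULE_RE.match(line)
        if in_ip and m:
            seq, action, key, value = m.groups()
            rules.append((int(seq), action, key, value))
    return sorted(rules)

def rule_matches(rule, pkt):
    """pkt: dict(proto, src, dst, sport, dport); 0.0.0.0 = any destination (assumed)."""
    _, _, key, value = rule
    if key == "dst-addr":
        return value == "0.0.0.0" or pkt["dst"] == value
    proto, direction, _ = key.split("-")          # e.g. tcp-dst-port
    if pkt["proto"] != proto:
        return False
    port = pkt["dport"] if direction == "dst" else pkt["sport"]
    return port == int(value)

def evaluate(rules, pkt):
    """Assumed first-match order: (action, seq) of the first hit, else (None, None)."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule[1], rule[0]
    return None, None

def shadowed_rules(rules):
    """Seq numbers of rules that can never fire because an earlier wildcard ACCEPT matches all."""
    for i, (_, _, key, value) in enumerate(rules):
        if key == "dst-addr" and value == "0.0.0.0":
            return [r[0] for r in rules[i + 1:]]
    return []
```

Under those assumptions rule 10 matches every packet and shadowed_rules reports every later REJECT as unreachable, which is the check to run before deploying a filter that opens with a catch-all ACCEPT.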
Lewis Bergman wrote:
PD TC wrote:
set up firewall scripts/filters to block denial of service attacks by blocking ip traffic directly to the ip address
Is there a way to do this on the Total control? If so, what exactly do we need to do to implement it? Sorry, here is an example of what we filter and is an example of the syntax.
Thank you for your reply. In your example below, does an IP address need to be put in the line "IP:"? Is it supposed to be the IP address of the ethernet port on the HiperARC card? What is the command line command to create a file on the HiperArc and then type out the rules and save the file? Is the file supposed to be saved in a particular location?
HiPer>> show file virus.in
#filter
IP:
10 ACCEPT dst-addr=0.0.0.0;
20 REJECT tcp-dst-port=135;
30 REJECT tcp-dst-port=137;
40 REJECT tcp-dst-port=138;
50 REJECT tcp-dst-port=139;
60 REJECT tcp-dst-port=445;
70 REJECT udp-dst-port=135;
80 REJECT udp-dst-port=137;
90 REJECT udp-dst-port=138;
100 REJECT udp-dst-port=139;
110 REJECT udp-dst-port=445;
120 REJECT tcp-src-port=135;
130 REJECT tcp-src-port=137;
140 REJECT tcp-src-port=138;
150 REJECT tcp-src-port=139;
160 REJECT tcp-src-port=445;
170 REJECT udp-src-port=135;
180 REJECT udp-src-port=137;
190 REJECT udp-src-port=138;
200 REJECT udp-src-port=139;
210 REJECT udp-src-port=445;
http://utstar.custhelp.com/cgi-bin/utstar.cfg/php/enduser/std_adp.php?p_faqid=1664&p_li=cF91c2VyaWQ9YmVydG9sb3omcF9lbWFpbD10b2RkLmJlcnRvbG96emlAdm95YWdlci5uZXQmcF9maXJzdF9uYW1lPVRvZGQmcF9sYXN0X25hbWU9QmVydG9sb3p6aSZjb21wYW55X2lkPSZwX2NjZl8yPQ**

Not sure if that link will work for you or not, but you can find most if not all the answers to your questions off the utstar site. It requires a free login.

Todd

-----Original Message-----
From: usr-tc-bounces+berto=core.com@mailman.xmission.com [mailto:usr-tc-bounces+berto=core.com@mailman.xmission.com] On Behalf Of PD TC
Sent: Thursday, November 17, 2005 3:15 PM
To: Discussion relating to the 3Com/US Robotics Total Control modem systems.
Subject: Re: [USR-TC] filter to prevent denial of service attacks
_______________________________________________
USR-TC mailing list
USR-TC@mailman.xmission.com
http://mailman.xmission.com/cgi-bin/mailman/listinfo/usr-tc