how to prevent Bogons ?

basbosco · 03-01-2004, 11:20 AM

HI

I am struggling to prevent the bogus list ..I am getting teh bogus mail in /var/spool/mail list.. I don'nt know how to prevent the bogus list?

Kindly help me to prevent ..

How to prevent the bogon network in the iptables ?

How to prevent Dos attack?

I am waiting for ur reply. Thank u very much.

Regards
Basbosco

chort · 03-01-2004, 11:28 AM

List of bogon networks may be found right here. Note that they update their list as ARIN (and others) add and remove allocations.

PS, if someone tells him to just ignore bogons, I'll kick you in the groin. Ignoring spoofing and/or improper configurations is not the secure thing to do.

basbosco · 03-01-2004, 11:37 AM

Hi

please don't scold me .. I don't know how to do.

Please give me proper solution .

Regards
Basbosco

chort · 03-01-2004, 12:06 PM

Don't worry, the last part wasn't directed at you, basbosco. Some people here give bad advice and tell newbies to just ignore bogons, which is wrong. What you're trying to do is correct.

The link I posted above (click on where it says "right here") goes to a list of bogon networks, but I posted the link to the main page so if you bookmark it, you'll have the right place. They update the list from time to time. If you want to just directly download the list, you can get it by clicking here. All that is left is to save that to a file and have netfilter/iptables load the file into it's block list. You should apply the blocking rule to your Internet NIC, because all these IPs are spoofed if they try to come in from the Internet.

I know how to do this in OpenBSD with PF, but I do not recall how to do it with netfilter/iptables. Maybe someone that is more familiar with iptables can show you how.

Preventing DoS attacks is a lot harder. First off, you cannot prevent any attack that uses up all your bandwidth. Only your ISP (and their carrier) can help with that. For simple things like ping floods, SYN floods, etc you can help a little. Turn on TCP SYN cookies to help with the possibility of a SYN flood. Also, you can add some rate limit options to iptables, but again I don't know the syntax for that, maybe someone else can help.

peter_robb · 03-01-2004, 03:53 PM

See here... http://www.linuxquestions.org/questi...hreadid=128351

benjithegreat98 · 03-01-2004, 10:35 PM

if you download http://www.cymru.com/Documents/bogon-bn-agg.txt into a file called something like /etc/firewall/ip_spoof.list then you can put this in your firewall defs

Code:

for ipaddr in `cat /etc/firewall/ip_spoof.list`
do
  iptables -A INPUT -s $ipaddr -i eth0 -j ip_spoof
  iptables -A FORWARD -s $ipaddr -i eth0 -j ip_spoof
done

iptables -N ip_spoof
iptables -A ip_spoof -j LOG --log-prefix IP_SPOOF
iptables -A ip_spoof -j DROP

this is what I have for my router/firewall so you may not be able to use it verbatim.