S | Linux Firewalls: Attack Detection and Response with iptables, psad, and fwsnort

Index

[SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [X] [Z]

SAs (security associations) 2nd
scans
     incoming packets
         general port scans
         responding to port scans 2nd
         stealth scans
         targeted port scans 2nd 3rd
     service port targets 2nd
     TCP stealth scans
scheduling AIDE (Advanced Intrusion Detection Environment)
Schneier, Bruce
screened-subnet firewalls 2nd
     AUTH user identification service, filtering
     choke firewalls as local DHCP servers 2nd
     DNS 2nd 3rd
         choke DMZ configuration 2nd
         DMZ name server gateway configuration 2nd
    email
         forwarding through gateways 2nd
         retrieving as IMAP client
         retrieving as POP client
    FTP
         choke firewalls as conduits/clients to remote FTP servers
         gateway firewalls as conduits to FTP DMZ servers
         gateway firewalls as conduits to remote FTP servers 2nd
     ICMP control and status messages, filtering
     rule checking, bypassing
     source-address spoofing 2nd
    SSH
         choke SSH configuration
         gateway SSH configurations
     TCP stealth scans and TCP state flags
     Telnet 2nd
    Usenet news services
         choke NNTP client DMZ configurations
         gateway NNTP conduit and server DMZ configurations
     web services
         choke firewalls as forwarders and web clients
         gateway firewalls as conduits for local web clients
         public web servers in DMZ
         web proxies in DMZ 2nd
scripts
     iptables choke firewall 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th 12th
     iptables firewall for standalone system 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th 12th 13th 14th 15th 16th 17th 18th 19th
     optimized iptables firewall 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th 12th 13th 14th 15th 16th 17th
Secure Message Transport Protocol [See SMTP]
Secure Network Address Translation [See SNAT]
Secure Shell [See SSH]
Secure Socket Layer (SSL) 2nd
security associations (SAs) 2nd
Security Enhanced Linux (SELinux) 2nd 3rd
Security Identifiers (SIDs)
selective internal access
     by host, address range, or ports
     configuration options for internal LANS 2nd
     configuration options for multiple LANS 2nd 3rd 4th 5th
SELinux 2nd 3rd
sending email
     as SMTP clients and receiving as IMAP clients 2nd
     as SMTP clients and receiving as POP clients 2nd
     as SMTP clients and receiving as SMTP servers 2nd
     as SMTP servers and receiving as SMTP servers 2nd
service daemons, syslogd
service port targets 2nd
service ports 2nd 3rd
services 2nd 3rd [See also TCP (Transmission Control Protocol)]
     AUTH user identification service 2nd 3rd
     choosing which services to run
     network-based services 2nd 3rd
     nonsecure local services, protecting
     protecting on assigned unprivileged ports 2nd
         local TCP services 2nd 3rd
         local UDP services 2nd
     public versus private 2nd
    Usenet news services
         news servers, hosting 2nd
         NNTP 2nd 3rd 4th
         peer news feeds
         reading and posting news
Session layer (OSI model)
SIDs (Security Identifiers)
SKEME
SMTP (Secure Message Transport Protocol) 2nd
     choke configurations
     conversations, capturing with TCPDump 2nd
     email
         receiving as local SMTP servers 2nd
         relaying mail through external gateway SMTP servers 2nd
         sending as SMTP clients and receiving as IMAP clients 2nd
         sending as SMTP clients and receiving as POP clients 2nd
         sending as SMTP clients and receiving as SMTP servers 2nd
         sending as SMTP servers and receiving as SMTP servers 2nd
         sending to any external mail servers
smurf attacks 2nd
SNAT (Source Network Address Translation) 2nd 3rd 4th
     applying to LAN traffic 2nd
     MASQUERADE SNAT
     masquerading LAN traffic 2nd 3rd
     nat table target extensions 2nd
     rules
     standard SNAT 2nd
sniffers 2nd 3rd 4th
     ARPWatch 2nd 3rd 4th
     Cricket
     MRTG
     ntop
     placement of
     Snort 2nd 3rd 4th
         alerts
         configuring 2nd 3rd
         downloading
         installing 2nd
         Swatch
         testing 2nd
     switches/hubs 2nd
     TCPDump 2nd 3rd 4th
         abnormal packet activity 2nd
         command-line options 2nd
         DNS queries, capturing
         downloading
         expressions 2nd 3rd
         FTP conversations, capturing
         HTTP conversations, capturing 2nd 3rd 4th 5th 6th
         ICMP pings, capturing
         installing
         LAND attacks 2nd
         normal scan (nmap) attacks 2nd 3rd
         recording traffic with 2nd 3rd
         SMTP conversations, capturing 2nd
         Smurf attacks
         SSH conversations, capturing
         Xmas Tree attacks
Snort 2nd 3rd 4th
     alerts
     configuring 2nd 3rd
     downloading
     installing 2nd
     Swatch
     testing 2nd
sockets
source addresses
     iptables 2nd
     source address checking, bypassing
     spoofing 2nd 3rd 4th 5th 6th 7th 8th 9th
         loopback addresses
         routers
         screened-subnet firewalls 2nd
Source Network Address Translation [See SNAT]
Source Quench messages
source-address-check chain 2nd 3rd
source-routed packets
spoofing source addresses 2nd 3rd 4th 5th 6th 7th 8th 9th
     loopback addresses
     routers
     screened-subnet firewalls 2nd
squid
SSH (Secure Shell) 2nd
     choke SSH configuration
     client access to remote SSH servers 2nd
     conversations, capturing with TCPDump
     gateway SSH configurations
     login failures, monitoring 2nd
SSL (Secure Socket Layer) 2nd
standalone systems
     iptables choke firewall 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th 12th
     limitations of 2nd 3rd
     optimized iptables firewall 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th 12th 13th 14th 15th 16th 17th
     sample iptables firewall script 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th 12th 13th 14th 15th 16th 17th 18th 19th
standard DNAT
standard SNAT 2nd
starting firewalls on boot
     Debian 2nd
     Red Hat and SUSE
state filter table match extensions 2nd 3rd 4th 5th
state flags (TCP)
stateful firewalls
stateless firewalls
status messages (ICMP) 2nd
     Destination Unreachable
     echo-reply
     echo-request 2nd
     fragmented messages
     Parameter Problem
     Source Quench
     Time Exceeded 2nd
STDERR
STDIN
STDOUT 2nd
stealth scans 2nd
     incoming packets, filtering
     TCP
"Steps for Recovering from a UNIX or NT System Compromise"(paper)
Stevens, Richard
stock kernel
strobe 2nd
subjects (SELinux)
subnet masks
subnets 2nd 3rd 4th 5th 6th 7th 8th
SUSE Linux
Swatch 2nd 3rd 4th
switches 2nd
symbolic constants 2nd 3rd
     private choke firewalls
     public gateway firewalls 2nd
SYN ACK
SYN flag 2nd 3rd 4th 5th 6th 7th
Sysctl support (GrSec)
syslog 2nd 3rd 4th
syslogd 2nd 3rd 4th
system logs
     firewall log messages 2nd 3rd 4th
         duplicating
         TCP example 2nd
         UDP example 2nd
     intrusion detection 2nd
     syslog configuration 2nd 3rd 4th