in this case i altered through the /proc file system or by using sysctl coz many kernel parameters can be altered through the /proc file system or by using sysctl.

Deactivate IP forwarding

#echo "0" > /proc/sys/net/ipv4/ip_forward

if you are not router Make sure that IP forwarding is turned off

Drop ping packets

#echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all

sometimes many attacker identify host up with ping the ip,you can drop ping packets in order that your machine can’t respon the ping.

root@bsd:~# ping 192.168.182.250
PING 192.168.182.250 (192.168.182.250) 56(84) bytes of data.

_

Ignore broadcast pings

#echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts


This disables response to ICMP broadcasts and will prevent Smurf attacks. The Smurf attack works by sending an ICMP type 0 (ping) message to the broadcast address of a network. Typically the attacker will use a spoofed source address. All the computers on the network will respond to the ping message and thereby flood the host at the spoofed source address.

Disable source routed packets

#echo "0" > /proc/sys/net/ipv4/conf/all/accept_source_route

Do not accept source routed packets. Attackers can use source routing to generate traffic pretending to originate from inside your network, but that is actually routed back along the path from which it came, so attackers can compromise your network. Source routing is rarely used for legitimate purposes, so it is safe to disable it.

Disable redirect acceptance

#echo "0" > /proc/sys/net/ipv4/conf/all/accept_redirects

Do not accept ICMP redirect packets. ICMP redirects can be used to alter your routing tables, possibly to a malicious end.

Protect against bad error messages

#echo "1" > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses


Enable protection against bogus error message responses.

Enable reverse path filtering

for i in /proc/sys/net/ipv4/conf/*; do
/bin/echo "1" > $i/rp_filter
done


Turn on reverse path filtering. This helps make sure that packets use legitimate source addresses by automatically rejecting incoming packets if the routing table entry for their source address does not match the network interface they are arriving on. This has security advantages because it prevents IP spoofing. We need to enable it for each net/ipv4/conf/* otherwise source validation isn’t fully functional.

Log all spoofed, source routed and redirect packets

#echo "1" > /proc/sys/net/ipv4/conf/all/log_martians


Log spoofed packets, source routed packets and redirect packets.

/*done*/

but after reboot his configuration are reset,so you must edit /etc/sysctl.conf

ex:

(Manual using echo):
#echo "0" > /proc/sys/net/ipv4/ip_forward

(Automatic in sysctl.conf:)
net.ipv4.ip_forward = 0

Ubuntu 10.04 deb http://bos.fkip.uns.ac.id/ubuntu/ lucid main restricted universe multiverse deb http://bos.fkip.uns.ac.id/ubuntu/ lucid-updates main restricted universe multiverse deb http://bos.fkip.uns.ac.id/ubuntu/ lucid-security main restricted universe multiverse Ubuntu 9.04 deb http://bos.fkip.uns.ac.id/ubuntu/ jaunty main restricted universe multiverse deb http://bos.fkip.uns.ac.id/ubuntu/ jaunty-updates main restricted universe multiverse deb http://bos.fkip.uns.ac.id/ubuntu/ jaunty-security main restricted universe multiverse Ubuntu 8.10 deb http://bos.fkip.uns.ac.id/ubuntu/ intrepid main restricted universe multiverse [...]

pAfter I published Wanted: Virtual Personal Email Servers (VPES) I got lots of feedback. Among others, John made very interesting comments, for example:/pbr/br/… The most user friendly free email management interface is from Zimbra, but the setup is a bear and the system requirements are huge for what it providesbr/…I (John) spent 20 min earlier today considering whether I could make any profit creating an easy VPES setup script with a fairly low monthly price point.br/… BTW, the laws for emRead More…

pIn the last post I’ve shown how to create keyrings using python and mentioned a slightly difference from the seahorse password storing process. Well, it happens that, when we start to dig this difference isn’t so small. Using seahorse every keyring item is created with the Update if Exists flag as False, so you can create identical keyring items. This is not a safe approach and can result in an inconsistent keyring. But as we use the Update if Exists flag set as True, something uRead More…

Hari ini (Selasa, 18 Mei 2010) Muhammad Subair dan Satrio datang di SMA 9 Palembang, untuk memenuhi permintaan pihak sekolah kepada Guyub untuk membantu mengisi materi sosialisasi Free/Open Source Software (khususnya GNU/Linux) kepada seluruh guru dan pegawai sekolah.

Materi Pengenalan F/OSS

Secara umum acara berlangsung lancar dan ada interaksi berupa pertanyaan dan permintaan demo dari guru-guru. Dari yang kami dapat dari interaksi tadi, di SMA 9 Palembang ini sama dengan tempat-tempat sebelumnya yang kami datangi, dimana kendala utama belum menggunakan F/OSS khususnya GNU/Linux karena memang belum tahu dan masih kurangnya dukungan dari pengambil kebijakan. Hal ini bisa dilihat dengan masih banyaknya kesalahpahaman dasar tentang F/OSS, Linux, HAKI, dll.

Guru-guru SMA 9 Palembang

Mudah-mudahan kedepannya bisa ada kelanjutan dari acara ini, dimana Guyub dan juga komunitas F/OSS di Palembang dan sekolah bisa mengadakan acara teratur, semisal dimulai dengan pembentukan kelompok study Linux untuk siswa, dll. Setidaknya dengan apa yang ada hari ini kita bisa lihat sudah ada kemauan untuk mengenal lebih jauh tentang Free/Open Source Software.

Akhir kata kami mengucapkan terima kasih banyak atas penerimaan dari SMA 9.

—

Tim Guyub

Dengan mengucap Bismillahirrahmanirrahim
Hari ini 12 Mei 2010, kami merilis versi perdana dari Keuangan Guyub – Aplikasi Keuangan Open Source untuk UKM Jasa.
Bagi teman-teman yang tertarik mencoba bisa download langsung versi perdana di http://keuangan-guyub.googlecode.com/files/KG-20100512-1.zip.
Untuk cara instalasi oleh bisa dilihat di http://code.google.com/p/keuangan-guyub/wiki/PanduanSingkatInstalasi.
Petunjuk penggunaan bisa di download di http://keuangan-guyub.googlecode.com/files/DokumentasiPengguna-KG-20100512-1.pdf.
Dan kami juga sangat mengharapkan saran, masukan, kritikan dan kontribusi [...]

Click to Play
This is only my documentation about how YaST (openSUSE Administrator Settings) can give an easy setup to install a complex-steps software installation.
Have fun!

pA recent addition to Linux’s impressive selection of file systems is Ceph, a distributed file system that incorporates replication and fault tolerance while maintaining POSIX compatibility. Explore the architecture of Ceph and learn how it provides fault tolerance and simplifies the management of massive amounts of data./p

Eric has compiled KDE 4.4.3 (official announcement will be released shortly) for Slackware-Current for those who wanted to try out KDE 4.4.x series which won’t make it into Slackware 13.1 due to unsatisfied requirements (it will likely be included on the Slackware next’s next released though).

Remember, this KDE packages are intended for Slackware-Current only. Do not use Slackware 13.0 to install them.

Banyak berbagai macam alat browser untuk mencari sesuatu, baik artikel, tutorial, gambar, maupun yang lainnya.
seperti google.com, yahoo.com, atau yang lainnya…
tapi untuk pencarian khusus linux? ada atau tidak ya..??
hehehehe jangan kawatir, ini ada satu alat pencarian khusus tentang linux, dan ini di dapatkan dari blog saya yang masuk dalam salah satu kategori yang di [...]