Teguh Alko: Basic Security kernel

Jun 20, 2010

In this case I altered them through the /proc file system or by using sysctl, because many kernel parameters can be altered through the /proc file system or by using sysctl.

Deactivate IP forwarding

#echo "0" > /proc/sys/net/ipv4/ip_forward

If your machine is not a router, make sure that IP forwarding is turned off.

Drop ping packets

#echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all

Attackers often check whether a host is up by pinging its IP address. You can drop ping packets so that your machine does not respond to ping.

root@bsd:~# ping 192.168.182.250
PING 192.168.182.250 (192.168.182.250) 56(84) bytes of data.

_

Ignore broadcast pings

#echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

This disables response to ICMP broadcasts and will prevent Smurf attacks. The Smurf attack works by sending an ICMP type 0 (ping) message to the broadcast address of a network. Typically the attacker will use a spoofed source address. All the computers on the network will respond to the ping message and thereby flood the host at the spoofed source address.

Disable source routed packets

#echo "0" > /proc/sys/net/ipv4/conf/all/accept_source_route

Do not accept source routed packets. Attackers can use source routing to generate traffic pretending to originate from inside your network, but that is actually routed back along the path from which it came, so attackers can compromise your network. Source routing is rarely used for legitimate purposes, so it is safe to disable it.

Disable redirect acceptance

#echo "0" > /proc/sys/net/ipv4/conf/all/accept_redirects

Do not accept ICMP redirect packets. ICMP redirects can be used to alter your routing tables, possibly to a malicious end.

Protect against bad error messages

#echo "1" > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses

Enable protection against bogus error message responses.

Enable reverse path filtering

for i in /proc/sys/net/ipv4/conf/*; do
/bin/echo "1" > $i/rp_filter
done

Turn on reverse path filtering. This helps make sure that packets use legitimate source addresses by automatically rejecting incoming packets if the routing table entry for their source address does not match the network interface they are arriving on. This has security advantages because it prevents IP spoofing. We need to enable it for each net/ipv4/conf/* otherwise source validation isn’t fully functional.

Log all spoofed, source routed and redirect packets

#echo "1" > /proc/sys/net/ipv4/conf/all/log_martians

Log spoofed packets, source routed packets and redirect packets.

/*done*/

After a reboot this configuration is reset, so you must also edit /etc/sysctl.conf.

Example:

(Manual using echo):
#echo "0" > /proc/sys/net/ipv4/ip_forward

(Automatic in sysctl.conf:)
net.ipv4.ip_forward = 0
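
The mapping above covers one setting. The script below is an added example, not part of the original post: it writes every setting from this post in sysctl.conf syntax and checks a running system against them. The names BASELINE, to_sysctl_conf and audit_sysctl are assumptions of this example, and the conf/all and conf/default rp_filter entries stand in for the per-interface loop.

```shell
#!/bin/sh
# Added example (not from the original post).
# Baseline: the settings listed in the post, as "<path under /proc/sys> <value>".
BASELINE='net/ipv4/ip_forward 0
net/ipv4/icmp_echo_ignore_all 1
net/ipv4/icmp_echo_ignore_broadcasts 1
net/ipv4/conf/all/accept_source_route 0
net/ipv4/conf/all/accept_redirects 0
net/ipv4/icmp_ignore_bogus_error_responses 1
net/ipv4/conf/all/rp_filter 1
net/ipv4/conf/default/rp_filter 1
net/ipv4/conf/all/log_martians 1'

# Emit the baseline in /etc/sysctl.conf syntax:
# every "/" becomes "." and the separating space becomes " = ".
to_sysctl_conf() {
    printf '%s\n' "$BASELINE" | sed 's|/|.|g; s| | = |'
}

# Compare the values under $1 (default: /proc/sys) with the baseline.
# Prints one line per deviation; returns 0 only when every value matches.
audit_sysctl() {
    root=${1:-/proc/sys}
    bad=0
    while read -r key want; do
        if [ ! -r "$root/$key" ]; then
            echo "MISSING $key"
            bad=1
            continue
        fi
        have=$(cat "$root/$key")
        if [ "$have" != "$want" ]; then
            echo "DIFF $key have=$have want=$want"
            bad=1
        fi
    done <<EOF
$BASELINE
EOF
    return "$bad"
}

# Run directly: print the persistent form, then report on the live system.
to_sysctl_conf
audit_sysctl || echo "deviations from the baseline found"
```

After the printed lines are placed in /etc/sysctl.conf, sysctl -p loads them without a reboot.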

Month of PHP security – Gareth Heyes

May 04, 2010

Stefan Esser has launched another Month of PHP security. It includes popular applications which use PHP as well as general bugs. He also includes a general PHP security article that you really should read to help secure your code. I'd also keep an eye out for the hardening of PHP configuration which will be released shortly.

Recover Linksys from bad flash (or bad guys)

Apr 03, 2010

After going round in circles with a headache because the Linksys WRT54GL could not be accessed (after changing the firmware), I nearly smashed the router.
I opened Facebook, read friends' status updates, and there was something interesting in Mr. Onno's status about repairing a Linksys.
I opened the link and, well, tried it right away.
1. Disconnect the LAN cable.
2. Press the RESET button for 30 seconds.
3. Without releasing the RESET button, turn off the POWER [...]

Willy Sudiarto Raharjo: Security Update: OpenSSL, Firefox, Seamonkey

Apr 01, 2010

Three security updates were released just now. They are OpenSSL, Firefox, and Seamonkey packages. Along with this release, several packages get an upgrade as well, such as the Kernels, Java, and many others.

Since it’s very new, it hasn’t reached Slackware’s mirror in OSUOSL yet. When I tried to run my rsync script, it didn’t get the new updates yet. I think it will take some time before it reaches the main mirror and is then distributed to other mirrors.

I wonder if Slackware will use the new OpenSSL 1.0 package in the future. It has been released, but it’s a major upgrade compared to 0.9.8 version, so thorough testing is required before it is included in -Current.

Oh, and I hope it’s not an April Fool’s update lmao

Why Linux Is More Resistant to Viruses

Mar 31, 2010


When comparing two operating systems, Microsoft Windows and GNU/Linux, most people/users will surely answer that Linux is more secure against viruses. This may also be the reason why so many hosting providers and web servers are more comfortable using Linux-based servers than Windows Server-based ones.
In this article, we try to explain several reasons why Linux is more resistant and [...]

Widya Walesa: Slackware 13.0 Security Update – Mon Mar 8 20:49:02 UTC 2010

Mar 12, 2010

This is a critical update for Apache HTTPD Server package. Please update your installed httpd package as soon as possible using the provided package.

Slackware…

[read more on http://wallinux.blogspot.com/]

Sneak Preview: Month of PHP Security 2010 – Stefan Esser

Feb 19, 2010

Three years ago the Hardened-PHP project organized the Month of PHP Bugs. During one month I disclosed more than 40 vulnerabilities in the PHP interpreter in order to improve the overall security of PHP. In the history of PHP this event has been one of a kind. But now, three years later, my company SektionEins GmbH will continue in the same spirit and organize the Month of PHP Security. Our preparations are not finished yet, but here is a sneak preview of what it will be.

The Month of PHP Security will take place in May 2010 and will be very different from all the previous “Month of Bugs” or “Week of Bugs” events. You can think of the Month of PHP Security as a conference without a conference. This means around the 1st of March we will send out a call for papers in order to collect the best advisories, the best research and the best articles about PHP security. We invite everyone from the PHP and from the security community to take part in this event.

The basic idea will be that during May we are planning to release (at least) one advisory or one research paper or one article about PHP security topics that were submitted to the public. And in the end of May our jury will select the best X submissions and give out prizes. We are still in the process of selecting good prizes and would be happy about more sponsors. Therefore: If you consider this event to be a good idea to improve the security of PHP and want to sponsor prizes, do not hesitate to contact us at info@sektioneins.de.

The accepted topics will be:

  • Advisory/Article about new vulnerability in PHP (with or without exploits) (no simple safe_mode, open_basedir bypass vulnerabilities)
  • Advisory/Article about vulnerability in PHP related software (popular 3rd party PHP extensions/patches, like Suhosin or Zend tools)
  • Detailed article about a single topic of PHP application security
  • Article about a complicated vulnerability in/attack against a widespread PHP application
  • Article about a complicated topic of attacking PHP (e.g. explain how to exploit heap overflows in PHP's heap implementation)
  • Article about how to attack encrypted PHP applications
  • Release of new PHP security tools
  • Other topics related to PHP (application) security

Of course we will accept multiple submissions by the same person/team and there will most probably also be articles/advisories by ourselves. (But of course we cannot win the prizes)

We at SektionEins are already very excited about the event and hope it will be a success and once again improve the security of the PHP ecosystem.