Fork bombing a Linux machine as a non-root user
Jeff Kinz
jkinz at kinz.org
Sat Mar 19 16:42:17 UTC 2005
On Sat, Mar 19, 2005 at 05:03:38AM -0500, M.Rudra wrote:
> At our hospital we have a proper system with Linux servers and
> backups, staff use a windows-like software custom built to our
> requirements.
> Its the home connection that was attacked twice online so I want to
> install software to secure my home machine.
>
> This Iptable faq mentions that 2 ethernet cards are required to setup
> a fire wall.
> http://newbiedoc.sourceforge.net/networking/homegateway.html
>
> Is there an alternative to iptables as i dont have 2 cards and how do
> i get my kernel version? if my kernel is below 2.4 version is there
> any other firewall option on Fedora.
> i tried a command with this result " bash: modprobe: command not found
> " ... actually most commands as a user give above result.
> thanks for your time.
Hi MR,
Iptables can be used with one Ethernet card (AKA 'Network Interface
Card' = "NIC"). However the single NIC configuration will only protect
the single machine which is running iptables.
Does your home network look like either of these two configurations?
"----" = an ethernet cable
setup A:
Internet single
cable/DSL--------------------------- Computer
device
setup B:
|---------- Computer 1
Internet |
cable/DSL------ethernet |----------- Computer 2
modem router |
.
.
|----------- Computer "N"
Note - In setup "B" when using DSL, there are some devices which merge
the functionality of a DSl modem and a router.
To use Iptables in the most desirable fashion the config seen below is
needed. Note that it requires a dedicated standalone PC to use as the
firewall.
setup C:
|-------- Computer 1
Internet old PC Cheap |
cable/DSL------w/Linux----- Ethernet-----|-------- Computer 2
modem iptables Hub( or a |
(2 Nics) router) .
(Firewall) .
|-------- Computer "N"
There is a compromise to setup C which uses the Firewall machine both as
a firewall and a user workstation. This setup still requires two NICs
but does not require any more additional computers than what you have
now. While it is not the setup recommended by security experts it will
perform the task of firewalling your home environment.
Does your home setup resemble "A" or "B" above? What, if anything is
different about it?
--
"The only system which is truly secure, is one which is switched off
and unplugged, locked in a titanium lined safe, buried in a concrete
bunker, surrounded by nerve gas and very highly paid armed guards. Even
then, I wouldn't stake my life on it" - Gene Spafford
(Good thing. the law of unintended consequences: A laptop, w/wireless
NIC and wake on "date" set in the BIOS)
http://kinz.org
http://www.fedoranews.org
Jeff Kinz, Emergent Research, Hudson, MA.
More information about the fedora-list
mailing list