Fork bombing a Linux machine as a non-root user

Jeff Kinz jkinz at kinz.org
Sat Mar 19 16:42:17 UTC 2005 

On Sat, Mar 19, 2005 at 05:03:38AM -0500, M.Rudra wrote:
> At our hospital we have a proper system with Linux servers and
> backups, staff use a windows-like software custom built to our
> requirements.
> Its the home connection that was attacked twice online so I want to
> install software to secure my home machine.
> 
> This Iptable faq mentions that 2 ethernet cards are required to setup
> a fire wall.
> http://newbiedoc.sourceforge.net/networking/homegateway.html
> 
> Is there an alternative to iptables as i dont have 2 cards and how do
> i get my kernel version? if my kernel is below 2.4 version is there
> any other firewall option on Fedora.
> i tried a command with this result " bash: modprobe: command not found
> " ... actually most commands as a user give above result.
> thanks for your time.

Hi MR,
Iptables can be used with one Ethernet card (AKA 'Network Interface
Card' = "NIC").  However the single NIC configuration will only protect
the single machine which is running iptables.

Does your home network look like either of these two configurations?

"----" = an ethernet cable

setup A:

   Internet                            single
  cable/DSL--------------------------- Computer 
   device        

                          
setup B:
                          |----------  Computer 1
   Internet               |
  cable/DSL------ethernet |----------- Computer 2
   modem         router   |
                          .
                          .
                          |----------- Computer "N"

Note - In setup "B" when using DSL, there are some devices which merge
the functionality of a DSl modem and a router.

To use Iptables in the most desirable fashion the config seen below is 
needed.  Note that it requires a dedicated standalone PC to use as the
firewall.
                          
setup C:
                                           |-------- Computer 1
   Internet      old PC       Cheap        |
  cable/DSL------w/Linux----- Ethernet-----|-------- Computer 2
   modem         iptables     Hub( or a    |
                 (2 Nics)     router)      .
               (Firewall)                  .
                                           |-------- Computer "N"


There is a compromise to setup C which uses the Firewall machine both as
a firewall and a user workstation.  This setup still requires two NICs
but does not require any more additional computers than what you have
now.  While it is not the setup recommended by security experts it will
perform the task of firewalling your home environment. 


Does your home setup resemble "A" or "B" above?  What, if anything is
different about it?

-- 
"The only system which is truly secure, is one which is switched off
and unplugged, locked in a titanium lined safe, buried in a concrete
bunker, surrounded by nerve gas and very highly paid armed guards. Even
then, I wouldn't stake my life on it" - Gene Spafford 
(Good thing. the law of unintended consequences: A laptop, w/wireless
NIC and wake on "date" set in the BIOS)

http://kinz.org
http://www.fedoranews.org
Jeff Kinz, Emergent Research, Hudson, MA.

More information about the fedora-list mailing list