IPTABLES / FIREWALL INTERVIEW QUESTIONS AND ANSWERS
PAGE - 2
11. How do you save and restore iptables rules?
The iptables-save command writes every rule of the running policy, for all tables and chains, to standard output in a human-readable text format. That format is exactly what the iptables-restore program reads: it takes each rule in the saved file and instantiates it in the running kernel.
A single execution of iptables-restore recreates the entire policy in the kernel, committing each table as a unit; running the iptables command once per rule is not necessary.
iptables-save and iptables-restore commands:
# iptables-save > /root/ipt.save
# iptables-restore < /root/ipt.save
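Because iptables-restore replaces whole tables at once, a dump that is missing a COMMIT, jumps to a chain that is not defined in the same table, or silently carries an ACCEPT default policy for INPUT or FORWARD is worth catching before it is loaded. The following checker is an added example written for this page, not part of iptables; it parses the iptables-save text format (table lines starting with `*`, chain lines starting with `:`, rule lines, `COMMIT`) and reports such findings. The dump it runs on is constructed for the example, and the list of built-in target names it treats as "not a chain" is an assumption that a real policy may need to extend (for example with REJECT-style targets from extra modules).

```python
"""Sanity-check an iptables-save dump before handing it to iptables-restore.

Added example for this page (not iptables code). It parses the
iptables-save text format and flags three things a restore would
either reject or quietly accept: a table without COMMIT, a jump to a
chain that the table does not define, and an ACCEPT default policy on
filter/INPUT or filter/FORWARD.
"""
import re

# Constructed sample dump in iptables-save format; not taken from a real host.
SAMPLE_DUMP = """\
# Generated by iptables-save v1.8.7 on Mon Jan  1 00:00:00 2024
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:LOG_DROP - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -j LOG_DROP
-A LOG_DROP -j LOG --log-prefix "DROP " --log-tcp-options --log-ip-options
-A LOG_DROP -j DROP
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Mon Jan  1 00:00:00 2024
"""

CHAIN_RE = re.compile(r"^:(\S+)\s+(ACCEPT|DROP|-)\s+\[(\d+):(\d+)\]$")
TARGET_RE = re.compile(r"\s-j\s+(\S+)")
# Assumed set of targets that are not user chains; extend for extra target modules.
KNOWN_TARGETS = {"ACCEPT", "DROP", "REJECT", "LOG", "RETURN", "MASQUERADE",
                 "SNAT", "DNAT", "REDIRECT", "MARK"}


def parse_dump(text):
    """Return {table: {"policies": {chain: policy}, "rules": [...], "committed": bool}}."""
    tables = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):
            current = line[1:]
            tables[current] = {"policies": {}, "rules": [], "committed": False}
        elif current is None:
            raise ValueError("rule or chain outside of a table: %r" % line)
        elif line.startswith(":"):
            m = CHAIN_RE.match(line)
            if not m:
                raise ValueError("bad chain line: %r" % line)
            tables[current]["policies"][m.group(1)] = m.group(2)
        elif line == "COMMIT":
            tables[current]["committed"] = True
        else:
            tables[current]["rules"].append(line)
    return tables


def check_dump(text):
    """Return a list of findings; an empty list means the dump looks safe to restore."""
    findings = []
    for name, table in parse_dump(text).items():
        if not table["committed"]:
            findings.append("table %s has no COMMIT; iptables-restore would not apply it" % name)
        for rule in table["rules"]:
            for target in TARGET_RE.findall(rule):
                if target not in KNOWN_TARGETS and target not in table["policies"]:
                    findings.append("table %s jumps to undefined chain %s" % (name, target))
        if name == "filter":
            for chain in ("INPUT", "FORWARD"):
                if table["policies"].get(chain) == "ACCEPT":
                    findings.append("filter/%s default policy is ACCEPT" % chain)
    return findings


if __name__ == "__main__":
    for finding in check_dump(SAMPLE_DUMP) or ["no findings"]:
        print(finding)
```

To run it against a real saved file, pass the contents of /root/ipt.save to check_dump; iptables-restore's own `--test` option is the complementary check, since it parses the file without committing it.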
12. How do you log transport-layer headers with iptables?
The iptables LOG target has extensive machinery for logging TCP and UDP headers. The TCP header is far more complex than the UDP header, and some TCP header fields are logged only if specific command-line arguments are supplied to iptables when the LOG rule is added to the policy: --log-tcp-options logs the TCP options field, --log-tcp-sequence logs the sequence and acknowledgment numbers, and --log-ip-options logs any IP options. Logging sequence numbers is a risk if the log file is readable by unprivileged users, so restrict access to the log when that option is on.
13. What is a port sweep?
A port sweep is a reconnaissance method similar to a port scan. However, instead of enumerating accessible services on a single host, a port sweep checks for the availability of a single service on multiple hosts. From a security perspective, port sweeps can give greater cause for concern than port scans, since they frequently indicate that a system has been compromised by a worm that is now looking for other targets to infect.
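The two questions above fit together: the transport-layer fields that the LOG target writes (PROTO, SPT, DPT, the bare TCP flag words, and SEQ/ACK when --log-tcp-sequence was given) are exactly what is needed to tell a port scan (one source, one destination, many ports) from a port sweep (one source, one port, many destinations). The parser and classifier below are an added example written for this page, not psad or iptables code. The log lines are constructed in the format the kernel emits for a LOG rule with --log-prefix "DROP " and --log-tcp-sequence, and the threshold of four distinct ports or hosts is an assumption chosen for the sample.

```python
"""Parse iptables LOG lines and tell a port scan from a port sweep.

Added example (not psad or iptables code). A scan hits many destination
ports on one host; a sweep hits one port across many hosts. Both are
visible in the transport-layer fields the LOG target records.
"""
import re
from collections import defaultdict

TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "ECE", "CWR"}
KV_RE = re.compile(r"(\w+)=(\S*)")

# Constructed log lines; not captured from a real host.
SAMPLE_LOG = """\
Jan  1 00:00:01 fw kernel: DROP IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1 DF PROTO=TCP SPT=43210 DPT=21 SEQ=1000 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0
Jan  1 00:00:01 fw kernel: DROP IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=2 DF PROTO=TCP SPT=43210 DPT=23 SEQ=1000 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0
Jan  1 00:00:01 fw kernel: DROP IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=3 DF PROTO=TCP SPT=43210 DPT=25 SEQ=1000 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0
Jan  1 00:00:01 fw kernel: DROP IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4 DF PROTO=TCP SPT=43210 DPT=80 SEQ=1000 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0
Jan  1 00:00:02 fw kernel: DROP IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.11 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=5 DF PROTO=TCP SPT=5555 DPT=445 SEQ=2000 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0
Jan  1 00:00:02 fw kernel: DROP IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.12 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=6 DF PROTO=TCP SPT=5555 DPT=445 SEQ=2000 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0
Jan  1 00:00:02 fw kernel: DROP IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.13 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=7 DF PROTO=TCP SPT=5555 DPT=445 SEQ=2000 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0
Jan  1 00:00:02 fw kernel: DROP IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.14 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=8 DF PROTO=TCP SPT=5555 DPT=445 SEQ=2000 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0
Jan  1 00:00:03 fw kernel: DROP IN=eth0 OUT= SRC=192.0.2.99 DST=192.0.2.10 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=9 PROTO=UDP SPT=5353 DPT=53 LEN=58
"""


def parse_log_line(line):
    """Return the KEY=VALUE fields of one LOG line plus a FLAGS set of bare TCP flag words."""
    if "kernel:" not in line:
        return None
    payload = line.split("kernel:", 1)[1]
    fields = dict(KV_RE.findall(payload))
    if "SRC" not in fields or "PROTO" not in fields:
        return None
    # Bare tokens such as SYN or RST are the TCP flag bits (DF is an IP bit and is ignored).
    fields["FLAGS"] = {tok for tok in payload.split() if tok in TCP_FLAGS}
    return fields


def classify_sources(log_text, threshold=4):
    """Per source IP: 'scan' (many ports, one host), 'sweep' (one port, many hosts) or None."""
    seen = defaultdict(set)  # src -> {(dst, dport)}
    for line in log_text.splitlines():
        f = parse_log_line(line)
        if f and f["PROTO"] in ("TCP", "UDP") and "DPT" in f:
            seen[f["SRC"]].add((f["DST"], int(f["DPT"])))
    verdict = {}
    for src, pairs in seen.items():
        hosts = {dst for dst, _ in pairs}
        dports = {dpt for _, dpt in pairs}
        if len(dports) >= threshold and len(hosts) == 1:
            verdict[src] = "scan"
        elif len(hosts) >= threshold and len(dports) == 1:
            verdict[src] = "sweep"
        else:
            verdict[src] = None
    return verdict


if __name__ == "__main__":
    for src, kind in classify_sources(SAMPLE_LOG).items():
        print(src, kind or "no pattern")
```

On a real system the same functions can be fed the kernel messages from /var/log/messages or the journal; the UDP line in the sample shows that the classifier only needs DPT, so it works for UDP sweeps as well as TCP ones.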
14. Explain transport-layer responses.
Under certain conditions the transport layer itself answers traffic: a TCP stack, for example, replies with a RST to a SYN sent to a closed port. Firewalls and other filtering devices can implement filtering decisions based on transport-layer headers (ports and TCP flags), and can also generate such responses deliberately, as iptables does with the REJECT target and its --reject-with tcp-reset option.
15. What is the use of SYN cookies, and how do you enable them?
One way to keep the TCP stack accepting legitimate connections under a SYN flood is to enable SYN cookies: instead of holding a half-open entry in the backlog queue for every SYN, the kernel encodes the connection state in the initial sequence number of its SYN-ACK and only allocates state when the matching ACK comes back. A passive IDS cannot implement SYN cookies as a response to an attack, since they must be generated by the TCP stack of the host being flooded. On Linux they are easily enabled via the /proc filesystem by executing the following command:
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
This setting is lost at reboot unless net.ipv4.tcp_syncookies is also set in the sysctl configuration.
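Turning the setting on is one step; knowing whether it is on and whether cookies have ever been needed is the check a practitioner wants. The script below is an added example for this page, not kernel or distribution code: it interprets the value of /proc/sys/net/ipv4/tcp_syncookies (0 off, 1 on when the SYN backlog overflows, 2 always) and pairs the TcpExt header and value lines of /proc/net/netstat to read the SyncookiesSent, SyncookiesRecv and SyncookiesFailed counters, which only move once the kernel has actually fallen back to cookies. The file contents it ships with are constructed samples.

```python
"""Check SYN cookie status and whether the kernel has had to use them.

Added example (not kernel code). tcp_syncookies is 0, 1 or 2; the
TcpExt counters in /proc/net/netstat show how many cookies were sent,
validated on return, and rejected.
"""

# Constructed stand-ins for the two /proc files; not captured from a real host.
SAMPLE_SYSCTL = "1\n"
SAMPLE_NETSTAT = """\
TcpExt: SyncookiesSent SyncookiesRecv SyncookiesFailed EmbryonicRsts PruneCalled
TcpExt: 1532 1490 3 0 0
IpExt: InNoRoutes InTruncatedPkts InMcastPkts
IpExt: 0 0 7
"""

MODES = {0: "disabled", 1: "enabled when the SYN backlog overflows", 2: "always on"}


def syncookies_mode(sysctl_text):
    """Describe the tcp_syncookies value."""
    return MODES.get(int(sysctl_text.strip()), "unknown")


def syncookie_counters(netstat_text):
    """Zip the TcpExt header line with the TcpExt value line and return the cookie counters."""
    rows = [line.split() for line in netstat_text.splitlines() if line.startswith("TcpExt:")]
    if len(rows) != 2:
        raise ValueError("expected one TcpExt header line and one TcpExt value line")
    header, values = rows
    stats = dict(zip(header[1:], map(int, values[1:])))
    return {k: stats[k] for k in ("SyncookiesSent", "SyncookiesRecv", "SyncookiesFailed")}


def check_syncookies(sysctl_text, netstat_text):
    """Return (ok, message); ok is False when cookies are disabled."""
    mode = int(sysctl_text.strip())
    if mode == 0:
        return False, "SYN cookies disabled; new connections are dropped once the backlog fills"
    counters = syncookie_counters(netstat_text)
    msg = "SYN cookies %s" % syncookies_mode(sysctl_text)
    if counters["SyncookiesSent"]:
        msg += "; %d sent, %d validated, %d failed: the backlog has overflowed before" % (
            counters["SyncookiesSent"], counters["SyncookiesRecv"], counters["SyncookiesFailed"])
    return True, msg


if __name__ == "__main__":
    try:
        with open("/proc/sys/net/ipv4/tcp_syncookies") as f, open("/proc/net/netstat") as g:
            ok, msg = check_syncookies(f.read(), g.read())
    except OSError:  # not on Linux, or /proc unreadable: fall back to the constructed samples
        ok, msg = check_syncookies(SAMPLE_SYSCTL, SAMPLE_NETSTAT)
    print(("OK: " if ok else "WARN: ") + msg)
```

A non-zero SyncookiesSent on a host that has not knowingly been under attack is itself worth investigating, since it means the listen backlog overflowed at some point.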
16. Why analyze firewall logs?
Good network security begins with a properly configured firewall that is only as permissive as absolutely necessary to allow basic network connectivity and services. Firewalls are inline devices and are therefore well positioned to apply filtering logic to network traffic, and the log messages they produce are the record of what that logic actually matched: the scans, probes and policy violations that were dropped, and the traffic that was allowed through. Analyzing those logs is how you confirm that the policy does what was intended and notice an attack while it is still reconnaissance.
17. How does alerting work with psad?
Once psad determines from the iptables log messages that a suspicious event or series of events has taken place against the firewall, it alerts the administrator. Its goal is to provide as much information as possible so that he or she can determine the proper response. By default, psad generates both email and syslog alerts.
18. How do you detect Windows Messenger pop-up spam?
Spam is a pervasive problem on the Internet, and we all feel the effects of this scourge. One common way that spammers try to have their spam viewed by more people is by sending it directly through the Windows Messenger service. Detecting this traffic when it comes from external networks is of little use, because each spam message can be spoofed and only a single UDP packet is required to transmit it (unless the message is large), but it can be important to detect it when it comes from your internal network. Any system that is generating such traffic on your intranet may have been compromised and is being used to send spam by someone controlling it from afar.
19. Why do we need to run fwsnort?
The fwsnort project is focused on enhancing the ability of the Linux kernel to control the types of packets allowed to communicate with (or through) your Linux system. It translates Snort signatures into equivalent iptables rules, so the Snort signature language is combined with the speed of the Linux kernel and the simplicity of iptables commands, and the kernel itself can log or block packets that match a signature. This lets fwsnort bolster the security stance of an existing IDS/IPS infrastructure.
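The core of that translation is mapping a Snort rule header and its content: match onto iptables arguments, with the payload match done by the iptables string extension. The converter below is an added, deliberately minimal illustration of that idea written for this page; it is not fwsnort's own code and handles only what a single content: option needs (protocol, ports, plain or |hex| content, nocase, sid). It leaves Snort network variables such as $HOME_NET to the surrounding policy, ignores pcre, byte_test, flow state and multiple contents, and emits LOG rules rather than DROP so it can be tried safely; the sample rules are constructed for the example.

```python
"""Translate a minimal Snort signature into an iptables string-match rule.

Simplified illustration of the translation fwsnort performs; this is
not fwsnort's code. Handled: action, protocol, ports, one content:
option (plain or |hex| bytes, optional nocase), msg: and sid:.
"""
import re
import shlex

RULE_RE = re.compile(
    r"^(?P<action>alert|log|drop)\s+(?P<proto>tcp|udp|icmp|ip)\s+"
    r"(?P<src>\S+)\s+(?P<sport>\S+)\s+(->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s+"
    r"\((?P<opts>.*)\)\s*$")
# key:value; pairs with optionally quoted values; bare keywords such as nocase have no value.
OPT_RE = re.compile(r'(\w+)(?:\s*:\s*("[^"]*"|[^;]*))?\s*;')


def parse_snort_rule(rule):
    """Split a Snort rule into its header fields and an options dict (bare keywords map to True)."""
    m = RULE_RE.match(rule.strip())
    if not m:
        raise ValueError("unsupported rule syntax: %r" % rule)
    r = m.groupdict()
    r["options"] = {k: (v.strip().strip('"') if v else True)
                    for k, v in OPT_RE.findall(r.pop("opts"))}
    return r


def string_match_args(content, nocase):
    """iptables string-match arguments for one content: value."""
    # Snort writes raw bytes as |00 01 86 A0|; the string match accepts the same
    # notation through --hex-string, so that form is passed straight through.
    flag = "--hex-string" if "|" in content else "--string"
    args = ["-m", "string", "--algo", "bm", flag, content]
    if nocase:
        args.append("--icase")
    return args


def snort_to_iptables(rule, chain="INPUT"):
    """Return the iptables command line that logs packets matching the Snort rule."""
    r = parse_snort_rule(rule)
    opts = r["options"]
    if not isinstance(opts.get("content"), str):
        raise ValueError("only rules with a content: match are translated")
    cmd = ["iptables", "-A", chain, "-p", r["proto"]]
    # Snort network variables ($HOME_NET etc.) are not expanded; they are left to the policy.
    for key, flag in (("src", "-s"), ("dst", "-d")):
        if r[key] != "any" and not r[key].startswith("$"):
            cmd += [flag, r[key]]
    if r["proto"] in ("tcp", "udp"):
        for key, flag in (("sport", "--sport"), ("dport", "--dport")):
            if r[key] != "any" and not r[key].startswith("$"):
                cmd += [flag, r[key]]
    cmd += string_match_args(opts["content"], opts.get("nocase") is True)
    cmd += ["-j", "LOG", "--log-prefix", "SID%s " % opts.get("sid", "0")]
    return " ".join(shlex.quote(c) for c in cmd)


# Constructed rules in Snort syntax, written for this example (sids in the local range).
SAMPLE_RULES = [
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"FTP SITE EXEC"; content:"SITE EXEC"; nocase; sid:1000001; rev:1;)',
    'alert udp any any -> any 111 (msg:"RPC portmap request"; content:"|00 01 86 A0|"; sid:1000002;)',
]

if __name__ == "__main__":
    for rule in SAMPLE_RULES:
        print(snort_to_iptables(rule))
```

The SID carried in the --log-prefix is what lets a log analyzer map a kernel log line back to the signature that fired, which is also how psad and fwsnort cooperate on a host running both.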
20. How do you check whether the iptables package is installed?
# rpm -qa iptables