cipherdyne.org

Michael Rash, Security Researcher



Online site for Linux Firewalls: Attack Detection and Response

Online site for Linux Firewalls book The online site for the book Linux Firewalls: Attack Detection and Response with iptables, psad, and fwsnort has been finished. This site serves as an online resource in support of the book where scripts, packet traces, configuration files, and other material discussed in the book can be downloaded. Many thanks go to Richard Bejtlich of TaoSecurity for writing an excellent foreword, and to Raffael Marty of SecViz and Ron Gula of Tenable Network Security for endorsing the book.

As an example of some of the resources that can be found online, all of the iptables visualizations in Chapter 14 can found along with the Gnuplot directive and data files here for easy downloading. Here is a sample visualization that shows a 3D Gnuplot view of a port sweep against a Honeynet (note the outlier above the general plane which indicates that the IP 200.216.205.189 has sent a total of 2,244 packets to TCP port 3306, and this is far in excess of any other IP address).
Linux Firewalls book port sweep figure