Computer Geeks

Computer Geeks

Geek Shop

Geek News

Geek Stuff

Science Geek

Computer Gaming

Linux Chat

Building Websites

Computer Forums

Computer Help Forum

Computer Hardware Forum

Computer Software Programs


Go Back   Computer Forums > Building Websites

Building Websites This section covers all aspects of publishing, developing and maintaining websites. Topics include: website design, graphic design, website programming, web hosting, website marketing (SEO, link exchange, publicity, advertising), monetization & etc.

Computer Geeks
» Active Discussions
Computer Geeks
No Threads to Display.
» Other Websites
- Software Publishing

- Server Hardening
Reply
 
Thread Tools Display Modes
  #1  
Old 02-21-2006, 03:18 AM
Soulwatcher's Avatar
Soulwatcher Soulwatcher is offline
Senior Member
GB GEEK
 
Join Date: Feb 2006
Posts: 309
Send a message via MSN to Soulwatcher
Thumbs up Host.conf Hardening - Prevent IP spoofing

The first thing you are going to want to do is SSH into your server. Then type the following command.

#pico -w /etc/host.conf

Scroll down until you see (order hosts,bind) Just below it type (nospoof on) and then save. It should look like this when your done

order hosts,bind
nospoof on

Thats it, your all done. Make sure to restart your network so the new rules will take effect.
Reply With Quote
  #2  
Old 02-23-2006, 06:20 PM
James72 James72 is offline
Junior Member
GB Beginner
 
Join Date: Feb 2006
Posts: 29
Default

Thanks for the tutorial!

What exactly will this do, and is it foolproof?
________
buy easy vape vaporizer

Last edited by James72; 01-21-2011 at 08:30 PM.
Reply With Quote
  #3  
Old 04-13-2006, 02:54 PM
Coop Coop is offline
Member
GB Beginner
 
Join Date: Apr 2006
Posts: 34
Default

spoofing is a little complicated to explain, and doesn't really affect you if you only have a single IP address. Basically, if you had a network of several differant machines, you may adjust your firewall rules so that your internal machines have more access to each other than external machines. You may, for example, decide that all ports are open between internal machines, but only ports 80, 443 and 25 for external machines. This is a common setup.

If your network is not properly protected, it is possible for someone to setup a machine externally that uses a spare IP from your local network (only works with real IP's, as most internet routers will not route the private blocks such as 192.168.* etc.). So they have a machine that has potentially greater access to your network.

They then setup a static route on their machine saying that to talk to your network, the machine should route all packets via your router. If done correctly, and your router is not properly protected, then tey will have the same access to your network as any other local machine.

There are several ways around this problem, but the most common is to make your router drop any packets coming from the internet interface that have IP addresses on your local network. Protection can also be put in place at the ehternet level by locking IP's to MAC addresses to make things even more difficult, but your typical home roputer / switch does not include that facility.
__________________
Coop
Reply With Quote
  #4  
Old 04-21-2006, 11:30 AM
LucnetSolutions's Avatar
LucnetSolutions LucnetSolutions is offline
Member
GB Beginner
 
Join Date: Mar 2006
Posts: 49
Send a message via AIM to LucnetSolutions Send a message via MSN to LucnetSolutions Send a message via Yahoo to LucnetSolutions
Default

This a nice tip for added security. I seen this before and have it on all our servers. Glad see this here.
__________________
Lucnet Solutions - World Wide Hosting Solutions
Reply With Quote
  #5  
Old 05-03-2006, 02:54 AM
rmwebs rmwebs is offline
Member
GB Beginner
 
Join Date: May 2006
Posts: 30
Default

Nice Tutorial! Thank you
__________________
Own A Forum? - WhichBB
Reply With Quote
  #6  
Old 02-29-2008, 04:14 PM
timeassasin timeassasin is offline
Junior Member
GB Newbie
 
Join Date: Feb 2008
Posts: 2
Default

thanks for sharing!
__________________
:: Latest Coupon Codes ::
Reply With Quote
  #7  
Old 07-23-2008, 03:39 AM
Lamer980's Avatar
Lamer980 Lamer980 is offline
Junior Member
GB Newbie
 
Join Date: Jul 2008
Posts: 8
Default

Thanks, Soulwatcher, its always good to get feedback.
__________________
Link Building Packages
Reply With Quote
  #8  
Old 09-01-2008, 01:34 AM
AndraJoseph AndraJoseph is offline
Junior Member
GB Newbie
 
Join Date: Aug 2008
Posts: 3
Thumbs up

Thanks for the information soulwatcher. I will definitely try this one out at the beginning of the code.
__________________
Myrtle Beach Condos
Reply With Quote
  #9  
Old 03-29-2010, 03:40 PM
pengerik pengerik is offline
Member
GB Advanced User
 
Join Date: Feb 2010
Posts: 59
Default

I'm going to order a webserver with several IP's in the coming weeks, so this was really helpfull information ! Thanx for sharing
Reply With Quote
  #10  
Old 05-22-2010, 11:40 PM
aladamapee aladamapee is offline
Junior Member
GB Beginner
 
Join Date: May 2010
Posts: 16
Default

Quote:
Originally Posted by Soulwatcher View Post
The first thing you are going to want to do is SSH into your server. Then type the following command.

#pico -w /etc/host.conf

Scroll down until you see (order hosts,bind) Just below it type (nospoof on) and then save. It should look like this when your done

order hosts,bind
nospoof on

Thats it, your all done. Make sure to restart your network so the new rules will take effect.
Great information for us, This information is still required for many of us. Thanks
__________________
email marketing software
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Powered by vBadvanced CMPS v3.2.3

All times are GMT -5. The time now is 06:39 AM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
HTML Help provided by HTML Help Central.