> >>I'm definitely not a firewall expert, but isn't it also possible to >>get around >>IPchains using IP spoofing? From what I know ipchains is only >>protected against spoofing by using source address verification. >> >>Or am I way off? >> >>Luke >> >> >A little off. :) Yes you can spoof iptables but not nearly as easily as >hosts.allow can be spoofed. Hosts.allow's verifications procedures are >considerably less sophisticated than those of iptables. > >Regards > >James > >P.S. Generally Ipchains has been replaced by Iptables. I did both, i blocked IP's with iptbels and i also configured SSH Demean to only allow connections form given IP's my server was down like 2-3 times a week due to DDOS attach or some one running a attach on my SSH, now the server seem to be running fine. oh yeah and i also blocked all ICMP communication and only allowed form my IP only :) ------- Web Hosting at a cheap price, starting at $1 per month with your own domain, .COM, .NET, .LK, .ORG etc.. PHP, CGI, Perl, MySQL, Cpanel 9, POP3, POP3s, SMTP, IMAP, FTP, http://www.orbitsl.net - : send the line "unsubscribe linux-admin" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
