Preventing General DoS Attacks, Malformed Packet Attacks, and Flooding

For the exam, you should know the six techniques Sun recommends implementing to help prevent DoS attacks against the Solaris operating system: disabling executable stacks, disabling extraneous IP services/ports, using egress filtering, using firewalls, monitoring networks, and implementing a patch update program.

To prevent and defend against DoS attacks, including malformed packet attacks and flooding, Sun Microsystems recommends using egress filtering, TCP wrappers, firewalling, disabling unnecessary service ports, monitoring networks, and implementing a patch program. To reduce IP-spoofed SYN attacks, Sun recommends filtering: egress filtering drops outbound packets whose source address does not belong to your own network, so your hosts cannot be used to launch spoofed floods, and the matching ingress rule drops inbound packets claiming an internal source. Firewalls and network monitoring are helpful for detecting Ping of Death and Smurf attacks. In this section, we'll talk about disabling IP ports and services and using SunSolve, Sun's patch portal.

Disabling Ports and Services

Ports are used in UDP and TCP to name the ends of logical connections between two systems. When a host contacts another host that is providing a service, it reaches that service through a service contact port, a fixed number that the server process listens on. The following list is an extract from the /etc/services file in the Solaris operating system; it maps service names to the contact ports (also known as well-known ports) used by the server processes, with any aliases for the service name listed after the port:

    tcpmux        1/tcp
    echo          7/tcp
    echo          7/udp
    discard       9/tcp    sink null
    discard       9/udp    sink null
    systat       11/tcp    users
    daytime      13/tcp
    daytime      13/udp
    netstat      15/tcp
    chargen      19/tcp    ttytst source
    chargen      19/udp    ttytst source
    ftp-data     20/tcp
    ftp          21/tcp
    ssh          22/tcp
    telnet       23/tcp
    smtp         25/tcp    mail
    time         37/tcp    timserver
    time         37/udp    timserver
    name         42/udp    nameserver
    whois        43/tcp    nicname
    domain       53/udp
    domain       53/tcp
    bootps       67/udp
    bootpc       68/udp
    kerberos     88/udp    kdc
    kerberos     88/tcp    kdc
    hostnames   101/tcp    hostname
    pop2        109/tcp
    pop3        110/tcp
    sunrpc      111/udp    rpcbind
    sunrpc      111/tcp    rpcbind
    imap        143/tcp    imap2
    ldap        389/tcp
    ldap        389/udp
    submission  587/tcp
    submission  587/udp
    ldaps       636/tcp
    ldaps       636/udp

For a complete list of ports, their associated services, and descriptions, visit www.iana.org/assignments/port-numbers on the Web.

Disabling an extraneous service closes its port, and closing the port makes the service unreachable; either way the service is no longer exposed to attack. On Solaris we do this by commenting out the service's entry in the /etc/inetd.conf file. This file controls the startup of services and defines how the inetd daemon handles common Internet service requests: each uncommented line names a service from /etc/services, its socket type and protocol, whether inetd waits for the server to finish, the user the server runs as, and the server program (or "internal" for the services inetd implements itself). After editing the file, inetd must be told to re-read it (by sending it a SIGHUP) before the change takes effect, and netstat -a will confirm that the port is no longer listening. Following is an extract from the inetd.conf file:

    time    stream  tcp6    nowait  root    internal
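Commenting entries out by hand across several services is error-prone, so here is an added example of doing it with a script. This is not code from the page or from Sun; it assumes the inetd.conf field layout shown above and the classic inetd behaviour of re-reading its configuration on SIGHUP. The sample inetd.conf text, the list of services treated as extraneous, and the function names are constructed for this illustration.

```shell
#!/bin/sh
# Added example: comment out extraneous services in an inetd.conf-style file.
# Not the page's or Sun's code; the configuration below is a constructed sample.

# Constructed extract in the Solaris inetd.conf layout:
#   service socket-type protocol wait/nowait user server-program args
SAMPLE_INETD_CONF='# inetd.conf (constructed sample extract)
ftp     stream  tcp6    nowait  root    /usr/sbin/in.ftpd       in.ftpd -a
telnet  stream  tcp6    nowait  root    /usr/sbin/in.telnetd    in.telnetd

time    stream  tcp6    nowait  root    internal
echo    stream  tcp6    nowait  root    internal
discard stream  tcp6    nowait  root    internal
chargen dgram   udp6    wait    root    internal
daytime stream  tcp6    nowait  root    internal'

# The internal "small services" are classic flooding amplifiers (chargen and echo
# in particular) and have no business on a hardened host. Assumed policy for this example.
EXTRANEOUS_SERVICES="echo discard chargen daytime time"

# disable_inetd_services "svc1 svc2 ..." : reads an inetd.conf on stdin and writes it
# to stdout with every entry whose service name is in the list commented out.
disable_inetd_services() {
    awk -v list="$1" '
        BEGIN { n = split(list, names, " "); for (i = 1; i <= n; i++) off[names[i]] = 1 }
        /^[ \t]*#/ || NF == 0 { print; next }          # comments and blank lines pass through
        ($1 in off)            { print "#" $0; next }   # disable: prefix the whole entry with #
                               { print }                # everything else is kept as-is
    '
}

# list_enabled_services : prints the service name of every active (uncommented) entry,
# i.e. the ports inetd will still open after the change.
list_enabled_services() {
    awk '/^[ \t]*#/ || NF == 0 { next } { print $1 }'
}

# apply_to_inetd_conf FILE "svc1 svc2 ..." : back FILE up, rewrite it in place, then
# make inetd re-read it. pkill -HUP is the classic inetd mechanism (Solaris 8/9);
# on Solaris 10 and later inetd is managed by SMF and inetadm -d is used instead.
apply_to_inetd_conf() {
    file=$1
    cp -p "$file" "$file.orig" || return 1
    disable_inetd_services "$2" < "$file.orig" > "$file" || return 1
    pkill -HUP inetd
}

# Demonstration on the constructed sample: the hardened file, then what is left listening.
printf '%s\n' "$SAMPLE_INETD_CONF" | disable_inetd_services "$EXTRANEOUS_SERVICES"
printf 'still enabled: %s\n' "$(printf '%s\n' "$SAMPLE_INETD_CONF" \
    | disable_inetd_services "$EXTRANEOUS_SERVICES" | list_enabled_services | tr '\n' ' ')"
```

The filter matches on the first field only, so a service that appears under both tcp and tcp6 (or stream and dgram) is disabled in every entry, and lines that are already comments are left alone rather than gaining a second "#". Run the real change as root with apply_to_inetd_conf /etc/inetd.conf "$EXTRANEOUS_SERVICES" and then check netstat -a to confirm the ports have gone.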
