1

Security risks of allowing incoming traffic as a response of a previous request

view story
linux-howto

http://serverfault.com – I understand that somebody would want to block incoming traffic as a general rule except for public resources. And I also understand that you could want to block all outgoing traffic except for certain external services. But is there any serious security risk if I allow incoming traffic that represents responses to previous outgoing traffic, e.g. HTTP requests? (HowTos)

xskl's picture
Submitted by xskl on 11/16/2012

Stories similar to Security risks of allowing incoming traffic as a response of a previous request

I run a web server (Debian Squeeze on a VPS), and the graphs provided by the hosting company show consistently that around twice as much traffic is incoming to the server compared to the outgoing traffic.

I've got a cheap VPS running Ubuntu 12.04 that I sometimes proxy web traffic through via SSH when I don't trust the network I'm on. I'd like to have a closer look at some of that traffic on occasion.

DNS traffic 18 weeks 5 days ago

Hi All,

I have just started learning Lunix; I hope you can help me to block unwanted DNS traffic.

I have big spikes of traffic few times a day. The duration is from few minutes to two hours.

Incoming traffic is 1 mbps, outgoing is 3mbps

Using my friend's script I was able to get some logs.

As i wrote in the thread title, i noticed a strange network traffic reported in /var/log/ufw.log

I use a NETGEAR DNG3300 that is configured to block all the incoming connections.

192.168.0.103 is the computer's IP, 192.168.0.1 is the ruoter IP, 192.168.0.100 is the IP of an another pc in my home.

[ubuntu] ufw and dansguardian 1 year 17 weeks ago

Hello,

I want to use dansguardian as a content filter with squid. I also want to block all outgoing internet traffic except on port 8080, so that users cannot circumvent the content filter by turning off the proxy settings in their browser. However, when I do this using ufw it basically blocks all outgoing internet traffic even if I allow specific ports.

I have an Ubuntu machine acting as a router/Stateful Firewall/NAT for my internet connection. It has a couple of ethernet ports and a wireless network for my home network (eth5, eth7, eth10 and wlan1). It is connected with a DSL modem in bridged mode giving it a connection to the internet called ppp0.

I am pretty newbie to Linux, as most of computers for resources in my school use Linux, I just installed Ubuntu to learn.

By default iptables and ufw sets policy as under:

IPTABLES -P INPUT DROP IPTABLES -P FORWARD DROP IPTABLES -P OUTPUT ACCEPT

ufw default deny (default incoming).

In both cases, Linux all distros trust all applications including fames ftp, smtp, SSH, mail and all others allo

My server is witnessing a sudden increase in traffic. Consistently there is a 200mb outgoing traffic every hour. This is not my web traffic. I am running centos OS and completely new to server administration. Can some one help me to figure out what is causing the traffic. I tried all possible netstat lsof etc. But couldnt really figure out what is causing this.

I have a router that is connected to the internet. To that router we connect via LAN and WAN. WAN settings are up, router user/pass, router access is secured with WPA/WPA-2. I want to make some computers, to be connected to the router (lan or wan) and will be protected from the outside world.

What is the best way doing so ?