Network Security Hacks by Andrew Lockhart

The unconfirmed error reports are from readers. They have not yet been approved or disproved by the author or editor and represent solely the opinion of the reader.

Here's a key to the markup:

[page-number]: serious technical mistake
{page-number}: minor technical mistake
<page-number>: important language/formatting problem
(page-number): language change or minor formatting problem
?page-number?: reader question or request for clarification

This page was updated March 27, 2007.

UNCONFIRMED errors and comments from readers:

{17} last line;

If you're using xdm, look for a file called Xservers and make sure it contains a line similar to this:

    0: local /usr/X11R6/bin/X -nolisten tcp

This line should read

    0: local /usr/X11R6/bin/X vt05 -nolisten tcp

Note, the X server counts the vty from one, whereas the BSD kernel numbers the vty from zero. See /etc/ttys. This example will direct the X server to run in /dev/ttyv4.

{72} First code listing;

Reads:

    # iptables -P INPUT -i lo -j ACCEPT
    # iptables -P OUTPUT -o lo -j ACCEPT

Should Read:

    # iptables -A INPUT -i lo -j ACCEPT
    # iptables -A OUTPUT -o lo -j ACCEPT

{91} (maybe) 5th paragraph;

in the "small and handy shell script" is the line

    ping -c $1 [etc]

which should be

    ping -c 1 $1 [etc]

[152] Last quarter;

You should insert a destination target for remote logging as an example when you specify the destination loghost on the previous page (151) in the middle.

example after

    # *.emerg
    log { source(src) ....

You should insert something like

    # Log every message to remote host without filtering
    log { source(src); destination(loghost); };

Without this it's impossible to log to a remote host ...

[303] Chapter 10, Hack 92;

The text says: To disable IP forwarding, run this:

    # echo 1 > /proc/sys/net/ipv4/ip_forward

But it is the opposite. That command will enable the forwarding. To disable it you must write:

    # echo 0 > /proc/sys/net/ipv4/ip_forward