Paul "Rusty" Russell Archive

Packet Filtering in the 2.4 Kernel
The Netfilter project has brought the 2.4 Linux kernel more powerful and easier-to-use packet filtering and Network Address Translation capabilities.
Writing a Module For netfilter
With Linux 2.4 right around the corner, now would be a very good time to discuss the new packet observation and filtering mechanism that was introduced during the 2.3 kernel development, which is called netfilter. I discussed the netfilter architecture briefly back in my Best Defense column in October 1999 (http://www.linux-mag.com/1999-10/bestdefense_01.html), and more thoroughly in the January 2000 issue of Linux Magazine.
A Look at Some of the Greatest Unix Security Holes of All Time
The hottest trend these days in network intrusion is to exploit buffer overruns, a technique whereby you feed a program more data than it has allocated space for, overwriting memory in the hope of making the program do something it would normally never do. It's an interesting technique but just one of many available in the arsenal of today's intruders. In the interest of feeding the media blitz about Internet security, this month's column features a walk through some of the more innovative and interesting security holes that we've come across in the past few years.