Block martians with source address 127.0.0.1
From: Bjørn Rasmussen (bjoernr_at_sensewave.com)
Date: 05/31/04
- Previous message: Michael S Hines: "RE: looking for wireless linux security book"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "focus-linux@securityfocus.com" <focus-linux@securityfocus.com>
Date: Mon, 31 May 2004 12:55:52 +0200
Hi!
I've a firewall connected to the Internet via an ISDN line. Sometimes
martians arrive from the Internet with source address 127.0.0.1. I want
to block these packets, but I don't find any way to set up the rules to
accomplish this.
Normally I use "fwbuilder" to set up my rules, but since the martians
were not blocked by the spoofing-rules generated by "fwbuilder", I tried
a simple test using iptables-commands directly.
I added these rules as the only ones to the input chain on my
LAN-interface:
iptables -A INPUT -i eth0 -s 127.0.0.1 -j LOG
iptables -A INPUT -i eth0 -s 127.0.0.1 -j DROP
iptables -A INPUT -i eth0 -s -j LOG
iptables -A INPUT -i eth0 -s -j DROP
From a client on my LAN, I used the command "nmap -e <LAN-interface on
client> -S 127.0.0.1 <ip-addr. of firewall's LAN-interface>" to spoof the
localhost address.
The kernel on the firewall logs these packets as martians, which it
should do, but my rules will not log or block these packets. Does anybody
know how to do it? Is it possible? I guess there are situations
where malicious persons could at least perform a DoS attack?
Best regards
Bjørn Rasmussen
--
Bjørn Rasmussen
IT consultant
Company: Bjørn Rasmussen Nettverkstjenester
Certifications: Linux: RHCE (Red Hat Certified Engineer)
                Windows NT 4.0: MCSE (Microsoft Certified System Engineer)
Address: Moneheia 47, 4656 Kristiansand
Tel: 38 04 09 55  Mobile: 911 27367
Email: bjoernr@sensewave.com
Web: http://wind.prohosting.com/bjoernr
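Editor's note, added here as an example and not part of the original post: the rules above are in the filter table's INPUT chain, which the kernel only traverses after the routing decision. A packet arriving on a non-loopback interface with a 127.0.0.0/8 source never gets that far: the routing code rejects it as a martian source and drops it (logging it when log_martians is set) before the LOCAL_IN hook, so INPUT rules can neither log nor drop it. The PREROUTING hook runs before routing, so a rule there does see the packet. The script below puts LOG and DROP rules for the whole 127.0.0.0/8 block (the post only mentions 127.0.0.1) into the mangle table's PREROUTING chain; it assumes the Internet-facing interface is eth0, that the mangle table is available (it is on 2.4 and 2.6 kernels), and uses a rate limit so a flood of spoofed packets cannot fill the log. Setting IPT=echo prints the commands instead of running them.

```shell
#!/bin/sh
# Added example (not the original poster's rules). Assumptions: the
# Internet-facing interface is eth0 and the netfilter 'mangle' table exists.
# IPT can be set to "echo" for a dry run, e.g.  IPT=echo sh martians.sh apply
IPT="${IPT:-iptables}"
WAN_IF="${WAN_IF:-eth0}"

# Why not filter/INPUT: the INPUT chain is only reached after the routing
# decision, and ip_route_input rejects a loopback source address on a
# non-loopback interface as a martian before that point. PREROUTING is
# traversed before routing, so this is the first (and last) place a
# rule can observe the packet.
martian_rules() {
    # Log first, rate-limited, with a prefix that is easy to grep for.
    "$IPT" -t mangle -A PREROUTING -i "$WAN_IF" -s 127.0.0.0/8 \
        -m limit --limit 5/min --limit-burst 10 \
        -j LOG --log-prefix "martian-lo-src: "
    # Then drop. (The kernel would drop it anyway; the point is that this
    # rule counts and logs it under our control.)
    "$IPT" -t mangle -A PREROUTING -i "$WAN_IF" -s 127.0.0.0/8 -j DROP
}

# Remove exactly the rules martian_rules added (same match, -D instead of -A).
martian_rules_remove() {
    "$IPT" -t mangle -D PREROUTING -i "$WAN_IF" -s 127.0.0.0/8 \
        -m limit --limit 5/min --limit-burst 10 \
        -j LOG --log-prefix "martian-lo-src: "
    "$IPT" -t mangle -D PREROUTING -i "$WAN_IF" -s 127.0.0.0/8 -j DROP
}

# Show per-rule packet counters; repeat the nmap -S 127.0.0.1 test from the
# post and the counters on these two rules should increase.
martian_rules_show() {
    "$IPT" -t mangle -L PREROUTING -v -n
}

case "${1:-}" in
    apply)  martian_rules ;;
    remove) martian_rules_remove ;;
    show)   martian_rules_show ;;
    "")     ;;   # sourced or run without an argument: only define functions
    *)      echo "usage: $0 {apply|remove|show}" >&2; exit 2 ;;
esac
```

Run it as root with "apply", then repeat the spoofed nmap scan and check with "show" that the packet counters on the two PREROUTING rules increase. The kernel's own "martian source" messages will still appear alongside the "martian-lo-src:" log lines, since the routing code is reached after PREROUTING only for packets the DROP rule did not catch.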