Re: Block martians with source address 127.0.0.1
From: Cedric Blancher (blancher_at_cartel-securite.fr)
Date: 05/31/04
- Next in thread: Konstantin Gavrilenko: "Re: Block martians with source address 127.0.0.1"
- Maybe reply: Konstantin Gavrilenko: "Re: Block martians with source address 127.0.0.1"
- Maybe reply: Patrick Benson: "Re: Block martians with source address 127.0.0.1"
- Maybe reply: Kalevi Nyman: "Re: Block martians with source address 127.0.0.1"
- Maybe reply: Slack Traq: "Re: Block martians with source address 127.0.0.1"
- Maybe reply: Ross Vandegrift: "Re: Block martians with source address 127.0.0.1"
- Maybe reply: Thomas Corriher: "Re: Block martians with source address 127.0.0.1"
- Maybe reply: LFM: "Re: Block martians with source address 127.0.0.1"
- Reply: Bjørn Rasmussen: "Re: Block martians with source address 127.0.0.1"
- Maybe reply: Bjørn Rasmussen: "Re: Block martians with source address 127.0.0.1"
- Reply: Konstantin Gavrilenko: "Re: Block martians with source address 127.0.0.1"
To: Bjørn Rasmussen <bjoernr@sensewave.com>
Date: Mon, 31 May 2004 17:30:02 +0200
On Mon 31/05/2004 at 12:55, Bjørn Rasmussen wrote:
> The kernel on the firewall logs these packets as martians which it
> should do, but my rules will not log or block these packets. Anybody
> who knows how to do it? Is it possible? I guess there are situations
> where malicious persons could at least perform a DoS-attack?
As a general rule, when a Linux box receives a packet sourced with one of
its addresses, it is silently discarded in the routing process. So your INPUT
stuff should not see the packet coming.
Furthermore, if reverse path filtering (rp_filter) is enabled, then
martians are automatically discarded, before they get to INPUT or FORWARD.
--
http://www.netexit.com/~sid/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
>> Hi! I'm your friendly neighbourhood signature virus.
>> Copy me to your signature file and help me spread!
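
A check for the rp_filter setting mentioned in the reply above, as an added example that is not part of the original message: it reports, per interface, whether reverse path filtering and martian logging are in effect. It assumes the combination rules in current kernel documentation (the larger of conf/all and conf/<iface> for rp_filter, either one for log_martians); the function names and CONF_ROOT are hypothetical.

```shell
#!/bin/sh
# Added example: audit reverse-path filtering and martian logging per interface.
# CONF_ROOT (hypothetical name) defaults to the kernel's IPv4 per-interface tree.
CONF_ROOT=${CONF_ROOT:-/proc/sys/net/ipv4/conf}

# read_knob DIR NAME -> prints the value, or 0 if the file is missing
read_knob() {
    if [ -r "$1/$2" ]; then cat "$1/$2"; else echo 0; fi
}

# rp_filter_audit [ROOT]
# Prints one line per interface with the effective settings and returns 1
# if any interface other than lo has no reverse-path filtering in effect.
rp_filter_audit() {
    root=${1:-$CONF_ROOT}
    all_rp=$(read_knob "$root/all" rp_filter)
    all_log=$(read_knob "$root/all" log_martians)
    bad=0
    for dir in "$root"/*; do
        [ -d "$dir" ] || continue
        iface=$(basename "$dir")
        case $iface in all|default) continue ;; esac
        rp=$(read_knob "$dir" rp_filter)
        log=$(read_knob "$dir" log_martians)
        # Assumed rule: effective rp_filter is the larger of conf/all and conf/<iface>.
        [ "$all_rp" -gt "$rp" ] && rp=$all_rp
        # Assumed rule: logging is on if either conf/all or conf/<iface> enables it.
        [ "$all_log" -ne 0 ] && log=1
        case $rp in
            0) mode=off; [ "$iface" = lo ] || bad=1 ;;
            1) mode=strict ;;
            2) mode=loose ;;
            *) mode=unknown ;;
        esac
        echo "$iface rp_filter=$rp($mode) log_martians=$log"
    done
    return $bad
}
```

Source the file and call `rp_filter_audit` with no argument to inspect the live /proc tree; a non-zero return means at least one non-loopback interface relies on the routing lookup alone.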