Re: Block martians with source address 127.0.0.1

From: Cedric Blancher (blancher_at_cartel-securite.fr)
Date: 05/31/04

    To: Bjørn Rasmussen <bjoernr@sensewave.com>
    Date: Mon, 31 May 2004 17:30:02 +0200
    
    

    On Mon 31/05/2004 at 12:55, Bjørn Rasmussen wrote:
    > The kernel on the firewall logs these packets as martians which it
    > should do, but my rules will not log or block these packets. Anybody
    > who knows how to do it? Is it possible? I guess there are situations
    > where malicious persons could at least perform a DoS-attack?

    As a general rule, when a Linux box receives a packet sourced with one of
    its addresses, it is silently discarded at routing process. So your INPUT
    stuff should not see the packet coming.

    Furthermore, if reverse path filtering (rp_filter) is enabled, then
    martians are automatically discarded, before they get to INPUT or FORWARD.

    -- 
    http://www.netexit.com/~sid/
    PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
    >> Hi! I'm your friendly neighbourhood signature virus.
    >> Copy me to your signature file and help me spread!
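
To see whether the reverse path filtering mentioned in the reply above is actually in force on each interface, the following audit script is an added example, not part of the original post. It assumes the semantics in current kernel documentation (effective rp_filter is the maximum of conf/all and conf/<iface>; log_martians is on if either is set), which may differ on the 2004-era kernels in this thread; `CONF_ROOT` and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit effective rp_filter / log_martians per interface.
# CONF_ROOT is overridable so the logic can be run against a constructed tree.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

# Read one sysctl file; a missing or unreadable file counts as 0.
read_val() {
    if [ -r "$1" ]; then cat "$1"; else echo 0; fi
}

# Effective rp_filter for interface $1: max(conf/all, conf/<iface>).
effective_rp_filter() {
    all=$(read_val "$CONF_ROOT/all/rp_filter")
    dev=$(read_val "$CONF_ROOT/$1/rp_filter")
    if [ "$all" -gt "$dev" ]; then echo "$all"; else echo "$dev"; fi
}

# Effective log_martians for interface $1: on if all OR <iface> is non-zero.
effective_log_martians() {
    all=$(read_val "$CONF_ROOT/all/log_martians")
    dev=$(read_val "$CONF_ROOT/$1/log_martians")
    if [ "$all" -ne 0 ] || [ "$dev" -ne 0 ]; then echo 1; else echo 0; fi
}

# One line per interface: "<iface> rp_filter=<n>(<mode>) log_martians=<0|1>"
audit_interfaces() {
    for d in "$CONF_ROOT"/*/; do
        iface=$(basename "$d")
        case "$iface" in all|default) continue ;; esac
        rp=$(effective_rp_filter "$iface")
        case "$rp" in
            0) mode=off ;; 1) mode=strict ;; 2) mode=loose ;; *) mode=unknown ;;
        esac
        echo "$iface rp_filter=$rp($mode) log_martians=$(effective_log_martians "$iface")"
    done
}

# Interfaces with no source validation at all (effective rp_filter is 0).
unfiltered_interfaces() {
    audit_interfaces | awk '$2 ~ /^rp_filter=0/ {print $1}'
}

audit_interfaces
```

Any interface listed by `unfiltered_interfaces` relies on firewall rules alone for anti-spoofing.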
    
