Re: Block martians with source address 127.0.0.1
From: Konstantin Gavrilenko (mlists_at_arhont.com)
Date: 06/02/04
- Previous message: Bjørn Rasmussen: "Re: Block martians with source address 127.0.0.1"
- In reply to: Cedric Blancher: "Re: Block martians with source address 127.0.0.1"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 02 Jun 2004 01:40:41 +0100
To: Cedric Blancher <blancher@cartel-securite.fr>
Cedric Blancher wrote:
> On Mon 31/05/2004 at 12:55, Bjørn Rasmussen wrote:
>
>>The kernel on the firewall logs these packets as martians which it
>>should do, but my rules will not log or block these packets. Anybody
>>who knows how to do it? Is it possible? I guess there are situations
>>were malicious persons could at least perform a DoS-attack?
>
> As a general rule, when a Linux box receives a packet sourced with one of
> its addresses, it is silently discarded at routing process. So your INPUT
> stuff should not see the packet coming.
Since Bjørn mentioned that he uses FreeSWAN for IPsec: bear in mind that
on 2.6 kernels you would have to amend the rules to allow legitimate
packets with private addresses through, since you do not have a separate
interface for decapsulated ESP/AH packets.
>
> Furthermore, if reverse path filtering (rp_filter) is enabled, then
> martians are automatically discarded, before they get to INPUT or FORWARD.
>
-- 
Respectfully,
Konstantin V. Gavrilenko
Arhont Ltd - Information Security
web: http://www.arhont.com http://www.wi-foo.com
e-mail: k.gavrilenko@arhont.com
tel: +44 (0) 870 44 31337
fax: +44 (0) 117 969 0141
PGP: Key ID - 0x4F3608F7
PGP: Server - keyserver.pgp.com
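The three points made in the thread, as an added example that is not part of the original messages and not code from any of the participants: a packet sourced with one of the box's own addresses (or with a loopback source) is dropped at routing time, rp_filter drops martians before INPUT/FORWARD ever runs, and on a 2.6 kernel with native IPsec a decapsulated packet with a private source arrives on the same external interface as everything else, so an anti-spoof INPUT rule will eat it unless a rule matching the IPsec policy comes first. The model below is a simplification of the kernel's input path written for this page; the firewall addresses, routes and INPUT chain are constructed for the illustration, and the `ipsec_decapsulated` flag is a stand-in for what `-m policy --dir in --pol ipsec` matches in iptables.

```python
"""Model of what a Linux firewall does with an incoming IPv4 packet, in the order the
thread describes: routing-time martian checks (own-address source, loopback source,
rp_filter) come first and netfilter INPUT only afterwards.  Added illustration for this
archive page; it is neither kernel code nor code from the thread.  The INPUT chain is a
hypothetical list of (match, target) pairs, and the ipsec_decapsulated flag stands in
for what "-m policy --dir in --pol ipsec" matches on a 2.6 kernel with native IPsec."""
import ipaddress
from dataclasses import dataclass, field

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass
class Packet:
    src: str
    dst: str
    iface: str                        # interface the packet arrived on
    ipsec_decapsulated: bool = False  # set by the xfrm stack after ESP/AH decapsulation


@dataclass
class Host:
    addrs: dict                       # iface -> list of local addresses
    routes: list                      # (network, iface); longest prefix wins
    rp_filter: bool = True            # net.ipv4.conf.all.rp_filter
    input_chain: list = field(default_factory=list)   # [(match(pkt) -> bool, target)]
    klog: list = field(default_factory=list)          # kernel "martian source" lines
    iptables_log: list = field(default_factory=list)  # hits on LOG targets in INPUT

    def local_addrs(self):
        return {ipaddress.ip_address(a) for v in self.addrs.values() for a in v}

    def route_lookup(self, addr):
        """Egress interface for addr by longest prefix match, or None."""
        ip, best = ipaddress.ip_address(addr), None
        for net, iface in self.routes:
            n = ipaddress.ip_network(net)
            if ip in n and (best is None or n.prefixlen > best[0].prefixlen):
                best = (n, iface)
        return best[1] if best else None


def ip_route_input(host, pkt):
    """Routing-time checks: ('martian', reason), ('local', None) or ('forward', None)."""
    src = ipaddress.ip_address(pkt.src)
    if src.is_loopback and pkt.iface != "lo":            # 127/8 arriving from the wire
        return "martian", f"loopback source {pkt.src} on {pkt.iface}"
    if src in host.local_addrs():                        # sourced with one of our own addresses
        return "martian", f"source {pkt.src} is a local address"
    if host.rp_filter and host.route_lookup(pkt.src) != pkt.iface:
        return "martian", f"rp_filter: route to {pkt.src} is not via {pkt.iface}"
    dst = ipaddress.ip_address(pkt.dst)
    return ("local", None) if dst in host.local_addrs() else ("forward", None)


def netfilter_input(host, pkt):
    """Walk INPUT; LOG is non-terminating, first ACCEPT/DROP wins, chain policy ACCEPT."""
    for match, target in host.input_chain:
        if match(pkt):
            if target == "LOG":
                host.iptables_log.append(f"INPUT LOG src={pkt.src} dst={pkt.dst} in={pkt.iface}")
                continue
            return target
    return "ACCEPT"


def receive(host, pkt):
    """Final verdict for a packet; martians are dropped before the INPUT chain is consulted."""
    kind, reason = ip_route_input(host, pkt)
    if kind == "martian":
        host.klog.append(f"martian source {pkt.dst} from {pkt.src}, on dev {pkt.iface} ({reason})")
        return "DROP(routing)"
    return "FORWARD" if kind == "forward" else netfilter_input(host, pkt)


def firewall(ipsec_rule_first):
    """Constructed firewall: eth0 external, eth1 LAN, 10.1.0.0/16 is the remote IPsec subnet
    reached through the tunnel on eth0 (2.6 native IPsec, so no separate ipsec0 device)."""
    fw = Host(addrs={"eth0": ["203.0.113.10"], "eth1": ["192.168.1.1"], "lo": ["127.0.0.1"]},
              routes=[("0.0.0.0/0", "eth0"), ("192.168.1.0/24", "eth1"),
                      ("10.1.0.0/16", "eth0"), ("127.0.0.0/8", "lo")])

    def bogus_on_ext(p):  # private or loopback source arriving on the external interface
        s = ipaddress.ip_address(p.src)
        return p.iface == "eth0" and (s.is_loopback or any(s in n for n in RFC1918))

    if ipsec_rule_first:  # iptables -A INPUT -i eth0 -m policy --dir in --pol ipsec -j ACCEPT
        fw.input_chain.append((lambda p: p.iface == "eth0" and p.ipsec_decapsulated, "ACCEPT"))
    fw.input_chain += [(bogus_on_ext, "LOG"), (bogus_on_ext, "DROP")]  # anti-spoof rules
    return fw


def run(pkt, ipsec_rule_first=True, rp_filter=True):
    """Returns (verdict, number of kernel martian log lines, number of iptables LOG hits)."""
    fw = firewall(ipsec_rule_first)
    fw.rp_filter = rp_filter
    return receive(fw, pkt), len(fw.klog), len(fw.iptables_log)


if __name__ == "__main__":
    for p, kw in [(Packet("127.0.0.1", "203.0.113.10", "eth0"), {}),
                  (Packet("192.168.1.5", "203.0.113.10", "eth0"), {}),
                  (Packet("192.168.1.5", "203.0.113.10", "eth0"), {"rp_filter": False}),
                  (Packet("10.1.0.7", "192.168.1.1", "eth0", True), {"ipsec_rule_first": False}),
                  (Packet("10.1.0.7", "192.168.1.1", "eth0", True), {})]:
        print(p, kw, "->", run(p, **kw))
```

Running it shows why the original poster's LOG rule never fires for a 127.0.0.1 source: the packet is counted in the kernel's martian log and dropped before netfilter runs, whether rp_filter is on or off. A spoofed 192.168.1.5 on eth0 is dropped by rp_filter in the same place; only with rp_filter disabled does it reach INPUT and get logged by the iptables rule. The decapsulated 10.1.0.7 packet passes every routing check, because the route to the remote subnet really does point out eth0, and is then dropped by the anti-spoof rules unless the policy-match ACCEPT precedes them.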