Re: Weird!

From: Kostas K (
Date: 07/13/04

  • Next message: Louie Miranda: "Re: Visited by a cracker"
    Date: 13 Jul 2004 13:40:12 -0000
    ('binary' encoding is not supported, stored as-is) In-Reply-To: <>


    i am using the following rules:

    -iptables -t nat -A PREROUTING -i ppp0 -s -j DROP
    -iptables -t nat -A POSTROUTING -o ppp0 -d -j DROP

    Do you think that these rules meet the requirements and in case they do not i apply yours.
    I have also disabled RIP in my router since it's not the gateway to Internet.


    >My reading is that is probably attempting to send packets
    >to address OVER THE PPP LINK (i.e. out into the
    >wider internet). [[ You should be egress filtering against such things ]]
    >after a couple of hops, the packet hits a (border?) router that filters
    >against such evils and it sends back the ICMP reject.
    >Suggested rule:
    >-A FORWARD -o PPP0 -d -J REJECT
    >-A OUTPUT -o PPP0 -d -J REJECT
    >(similarly for other non-routable networks).
    >That should get rid of your wierd messages.
    >(( The other possibility is that someone else is faking your
    >source address, but that's rarely of any use with TCP unless they're
    >in a position to capture any response en-route. ))
    >Stephen Samuel +1(604)876-0426
    > Powerful committed communication. Transformation touching
    > the jewel within each person and bringing it to light.

  • Next message: Louie Miranda: "Re: Visited by a cracker"