Re: Weird!
From: Kostas K (acezerocool_at_yahoo.com)
Date: 07/13/04
- Previous message: Alexander Economou: "Re: Visited by a cracker"
- Maybe in reply to: Kostas K: "Weird!"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 13 Jul 2004 13:40:12 -0000
To: focus-linux@securityfocus.com
In-Reply-To: <40EC6DD5.9090407@bcgreen.com>
Stephen,
I am using the following rules:
-iptables -t nat -A PREROUTING -i ppp0 -s 192.168.0.0/16 -j DROP
-iptables -t nat -A POSTROUTING -o ppp0 -d 192.168.0.0/16 -j DROP
Do you think that these rules meet the requirements? In case they do not, I will apply yours.
I have also disabled RIP in my router since it's not the gateway to the Internet.
Regards,
Kostas
>My reading is that aa.aaa.aaa is probably attempting to send packets
>to address 192.168.1.100 OVER THE PPP LINK (i.e. out into the
>wider internet). [[ You should be egress filtering against such things ]]
>after a couple of hops, the packet hits a (border?) router that filters
>against such evils and it sends back the ICMP reject.
>
>Suggested rule:
>
>-A FORWARD -o ppp0 -d 192.168.0.0/16 -j REJECT
>-A OUTPUT -o ppp0 -d 192.168.0.0/16 -j REJECT
>
>(similarly for other non-routable networks).
>
>That should get rid of your weird messages.
>
>(( The other possibility is that someone else is faking your
>source address, but that's rarely of any use with TCP unless they're
>in a position to capture any response en-route. ))
>
>--
>Stephen Samuel +1(604)876-0426 samuel@bcgreen.com
> http://www.bcgreen.com/~samuel/
> Powerful committed communication. Transformation touching
> the jewel within each person and bringing it to light.
>
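Added example, not written by either poster: the filter-table rules suggested in the quoted reply, generalised to the other private ranges and combined with the inbound anti-spoofing intent of the first rule in the message, emitted in iptables-restore format without applying anything. The network list, the function name `egress_rules` and the choice of DROP for inbound packets are assumptions of this example.

```shell
#!/bin/sh
# Added example: prints rules only; it never calls iptables itself.

# RFC 1918 private ranges plus link-local (RFC 3927). This list is the
# example's assumption about "other non-routable networks". Remove a range
# if the provider's side of the PPP link legitimately uses it.
NONROUTABLE="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 169.254.0.0/16"

# egress_rules <wan-interface>
# Writes an iptables-restore fragment for the filter table to stdout.
egress_rules() {
    wan_if="$1"
    if [ -z "$wan_if" ]; then
        echo "usage: egress_rules <wan-interface>" >&2
        return 1
    fi
    # Refuse anything that is not a plain interface name, so the value
    # cannot smuggle extra options or rules into the generated file.
    case "$wan_if" in
        *[!A-Za-z0-9._-]*)
            echo "invalid interface name: $wan_if" >&2
            return 1
            ;;
    esac

    echo "*filter"
    for net in $NONROUTABLE; do
        # Egress: private destinations must not leave via the WAN link,
        # whether forwarded for LAN hosts or generated by this host.
        echo "-A FORWARD -o $wan_if -d $net -j REJECT"
        echo "-A OUTPUT -o $wan_if -d $net -j REJECT"
        # Ingress: a private source arriving from the WAN side is spoofed
        # or misrouted, so it is dropped silently.
        echo "-A INPUT -i $wan_if -s $net -j DROP"
        echo "-A FORWARD -i $wan_if -s $net -j DROP"
    done
    echo "COMMIT"
}

# Example use (review the output before loading it):
#   egress_rules ppp0 > egress.rules
#   iptables-restore --noflush < egress.rules
```

Because the rules are appended with `-A`, an earlier ACCEPT rule in the same chain still matches first, so check the resulting order with `iptables -L -n -v --line-numbers`.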