Re: Weird entries in my firewall

From: Fósforo (fosforo_at_gmail.com)
Date: 08/31/05

  • Next message: Steven Kalcevich: "Re: University Degree or CISSP"
    Date: Tue, 30 Aug 2005 20:22:59 -0300
    To: security-basics@securityfocus.com
    
    

    First I would suggest you block any packets coming from the external
    interface with valid internal IPs:
      
      iptables -A INPUT -i eth? -p all -s 192.168.0.0/16 -j LOG --log-prefix "spoof: "
      iptables -A INPUT -i eth? -p all -s 192.168.0.0/16 -j DROP
      
      If you are still having the same problems, I suggest reviewing your net
    topology (maybe blocking broadcast).
      
      See you later

    30 Aug 2005 15:31:01 -0000, kronos666@gmail.com <kronos666@gmail.com>:
    > Hi list,
    >
    > I've been getting these weird entries in my firewall (iptables) for a while...
    >
    > BLOCK 12:29:37.371982 OPT1 192.168.0.50, port 2401 255.255.255.255, port 712 UDP
    >
    > Now, the source is the internal IP of my server, which is not connected to the firewall. It's as if the traffic goes through the external interface using the internal IP, and always broadcasts to port 712. Two of my servers are doing that.
    >
    > Has anyone ever seen something like this? It has me completely stumped.
    >
    > Thanks!
    >

    -- 
    ---------------------------------------------------------
    I'm not the one who will sit
    On the throne of an apartment
    With my mouth wide open
    Full of teeth, waiting for death to arrive
    Because far from the flag-draped fences
    That separate backyards
    On the calm summit of my seeing eye
    Settles the sonorous shadow
    Of a flying saucer...
    Raul Seixas
    ---------------------------------------------------------
    >>>Fósforo<<<
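
One way to review what the LOG rule in the reply records, as an added example that is not part of the original message: it groups the "spoof: " entries by source IP, sending MAC address and destination port, so the device on the external segment that emits the frames can be identified. It assumes the standard kernel netfilter LOG line format on Ethernet; the sample lines, interface name, host name and MAC addresses are constructed.

```python
import re
from collections import Counter

# Constructed sample: kernel lines as written by the LOG rule above
# (--log-prefix "spoof: "). Host, interface and MAC values are made up.
SAMPLE_LOG = """\
Aug 30 12:29:37 fw kernel: spoof: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:02:00:00:00:00:50:08:00 SRC=192.168.0.50 DST=255.255.255.255 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=2401 DPT=712 LEN=56
Aug 30 12:29:41 fw sshd[411]: Accepted publickey for admin from 10.0.0.5
Aug 30 12:30:07 fw kernel: spoof: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:02:00:00:00:00:50:08:00 SRC=192.168.0.50 DST=255.255.255.255 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=2401 DPT=712 LEN=56
Aug 30 12:30:09 fw kernel: spoof: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:02:00:00:00:00:51:08:00 SRC=192.168.0.51 DST=255.255.255.255 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=2401 DPT=712 LEN=56
"""

FIELD = re.compile(r"(\w+)=(\S*)")


def parse_spoof_line(line, prefix="spoof: "):
    """Return the KEY=value fields of one LOG line, or None if the prefix is absent."""
    _, found, rest = line.partition(prefix)
    if not found:
        return None
    fields = {}
    for key, value in FIELD.findall(rest):
        fields.setdefault(key, value)  # first LEN is the IP length; keep it
    mac = fields.get("MAC", "").split(":")
    # On Ethernet the MAC field is 14 bytes: destination (6), source (6), EtherType (2).
    if len(mac) == 14:
        fields["DST_MAC"] = ":".join(mac[:6])
        fields["SRC_MAC"] = ":".join(mac[6:12])
    return fields


def summarize(log_text):
    """Count hits per (source IP, sending MAC, protocol, destination port)."""
    hits = Counter()
    for line in log_text.splitlines():
        f = parse_spoof_line(line)
        if f and "SRC" in f:
            key = (f["SRC"], f.get("SRC_MAC", "?"), f.get("PROTO", "?"), f.get("DPT", "-"))
            hits[key] += 1
    return hits


if __name__ == "__main__":
    for (src, mac, proto, dpt), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:4d}  {src:15s} sent by {mac}  {proto}/{dpt}")
```

Comparing the reported sending MAC with the known MAC of each server shows whether a server really has a path onto the external segment or another device is using its address.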
    
