[Gllug] iptables - a quick question
gllug at uncertainty.org.uk
Thu Nov 29 19:43:12 UTC 2001
On Thu, Nov 29, 2001 at 12:34:51PM +0000, will wrote:
> tet at accucard.com wrote:
>
> >>>You are, of course, setting firewall rules to detect incoming packets
> >>>with spoofed local addresses.
> >>>
> >>How is this possible? How do you detect a spoofed IP?
> >>
> >
> > It's a firewall, so you have two network interfaces, one to the outside
> > world, one to your internal network. If packets come in on the externally
> > connected interface claiming to have a source IP from your internal
> > network, then they're obviously spoofed, and should be blocked.
>
>
> I only have one nic as the PC is my workstation. Is it possible to

Maybe you have a serial/USB network interface as well as an Ethernet
card?

> spoof an IP as 127.0.0.1, or localhost across the Internet? One of the

Yes.

> enterprise (!starship) techs suggested that the linux kernel would not
> allow a packet to be sent out with a source IP of 127.0.0.1.

Don't know - but I guess that limitation could be removed.

In any case you can block all 127.x.x.x arriving on external connections.
Unless you have a single NIC providing both LAN and internet you can
also block all LAN IP ranges (192.168.x.x etc).
--
Sean
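
The filtering described in the message above, written out as iptables rules. This is an added example, not part of the original post: the function name `antispoof_rules`, the interface names, and reading "LAN ip ranges (192.168.x.x etc)" as the RFC 1918 private blocks are assumptions, and the rules target the INPUT chain because the machine discussed is a workstation. The function only prints the commands so they can be reviewed before being applied as root.

```shell
#!/bin/sh
# Added example: prints (does not apply) anti-spoofing rules for one external interface.
# Usage: antispoof_rules <external-if> <shared-with-lan: yes|no>

LOOPBACK_NET="127.0.0.0/8"
# Assumption: "LAN ip ranges (192.168.x.x etc)" is read as the RFC 1918 private blocks.
PRIVATE_NETS="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16"

antispoof_rules() {
    ext_if=$1
    shared=${2:-no}

    # Accept only a plain interface name, so the output is safe to pipe to sh.
    case $ext_if in
        ''|*[!A-Za-z0-9._-]*)
            echo "antispoof_rules: bad interface name" >&2
            return 2 ;;
    esac
    case $shared in
        yes|no) ;;
        *) echo "antispoof_rules: second argument must be yes or no" >&2
           return 2 ;;
    esac

    # Nothing legitimate arrives from the wire with a loopback source address.
    echo "iptables -A INPUT -i $ext_if -s $LOOPBACK_NET -j DROP"

    # Private sources are only safe to drop when the LAN is NOT reachable
    # through this same interface (the single-NIC caveat in the message).
    if [ "$shared" = no ]; then
        for net in $PRIVATE_NETS; do
            echo "iptables -A INPUT -i $ext_if -s $net -j DROP"
        done
    fi
}

# Print the rules when run directly, e.g.: sh antispoof.sh ppp0 no
if [ "$#" -gt 0 ]; then
    antispoof_rules "$@"
fi
```

On a machine whose only NIC carries both LAN and internet traffic, pass `yes` as the second argument so that only the loopback rule is emitted.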