[rhn-users] Spoofed packet question
jludwig
wralphie at comcast.net
Mon May 3 16:51:18 UTC 2004
On Sun, 2004-05-02 at 07:18, J wrote:
> In general, anti-spoofing is a check that the packet comes from an
> interface that is supposed to be where the source address says it is.
>
> I don't know if anti-spoofing is available with IP tables - but this is
> the sort of thing that you will be looking for.
>
> For example, Checkpoint Firewall-1 provides antispoofing by demanding
> that the administrator teach it all the subnets that sit behind each
> firewall.
>
> CyberGuard firewalls work the same out from the rote table.
>
>
>
>
> On Sun, 2004-05-02 at 05:43, pete at chemistry.montana.edu wrote:
> > In make our systems more secure from being rooted, it know that an
> > attacker can get through a firewall using a "spoofed packet". I'm using
> > IPtables. Does anybody have any information how the packet is spoofed,
> > what to look for, and way to enhance a firewall against this.
> >
> > Thanks in advance.
> >
> > Pete
> >
> >
> >
> >
> > _______________________________________________
> > rhn-users mailing list
> > rhn-users at redhat.com
> > https://www.redhat.com/mailman/listinfo/rhn-users
Spoof checks are easy --- For iptables -I INPUT -i EXTIF -s INTNET -j
REJECT
1) EXTIF -- your internet ethernet or ppp connection
2) INTNET -- your lan or your ip address
The other just like it.
Also iptables -I INPUT -i EXTIF -s 127.x.x.x -j REJECT
The 'I' puts these rules in as rule 1 and 2
Read man iptables to finish and understand these rules.
Also see http://www.linuxguruz.com/iptables/
--
jludwig <wralphie at comcast.net>
More information about the rhn-users
mailing list