Re: Attempt on smtpd / faking remote ip
Hi Ralph,
thanks for the hint.
At 23:59 +0200 04.04.2004, Ralph Paßgang wrote:
> you should also filter out 127.0.0.0/8 on any network interface but "lo".
> so that spoofing with localhost-addresses is not possible anymore.
> ( for example:
> iptables -A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -o lo -p ALL -j ACCEPT
> iptables -A OUTPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -o lo -p ALL -j ACCEPT
> iptables -A INPUT -s 127.0.0.0/8 -d 0/0 -p ALL -j REJECT
> iptables -A OUTPUT -s 0/0 -d 127.0.0.0/8 -p ALL -j REJECT
I did it like this, but after the first line iptables said: "cannot use parameter -o with INPUT" (or something like this - I can't remember exactly).
So I left out "-o lo" at the INPUT rule, and also left out "-i lo" at the OUTPUT rule. Then everything was fine. Now I hope that it'll do what it is supposed to.
> and for the mail script you use... check your weblog for the time you saw the
> mysterious connections in postfix. If there was something, you should see the
> hits in the access.log
I had checked it before my last posting: no entries.
Thanks again,
Andreas
--
procommerz - Internet for businesses
http://www.procommerz.de | 033925-90710
Stop TCPA, Microsoft's censorship system! | http://www.againsttcpa.com
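Added example, not part of the original messages: a small lint for iptables command lines that catches the chain/interface mismatch iptables reported above (`-o` on INPUT, `-i` on OUTPUT) as well as misspelled targets, run over the loopback rules with the interface options corrected as Andreas describes. The helper names `lint_rule`, `lint_all` and `loopback_rules` are hypothetical, and the lint assumes only built-in targets are used.

```shell
#!/bin/sh
# Added example. lint_rule / lint_all / loopback_rules are hypothetical helpers.
# Assumption: only built-in targets are accepted; user-defined chains are not handled.

lint_rule() {   # $1 = one "iptables -A ..." line; prints findings, returns 1 if any
    chain="" target="" prev="" in_if=0 out_if=0 bad=0
    for tok in $1; do
        case "$prev" in
            -A|-I) chain=$tok ;;
            -j)    target=$tok ;;
        esac
        case "$tok" in
            -i) in_if=1 ;;
            -o) out_if=1 ;;
        esac
        prev=$tok
    done
    if [ "$chain" = INPUT ] && [ "$out_if" -eq 1 ]; then
        echo "INPUT rule uses -o: incoming packets have no output interface"; bad=1
    fi
    if [ "$chain" = OUTPUT ] && [ "$in_if" -eq 1 ]; then
        echo "OUTPUT rule uses -i: locally generated packets have no input interface"; bad=1
    fi
    case "$target" in
        ACCEPT|DROP|REJECT|LOG|RETURN) ;;
        *) echo "unknown target '$target'"; bad=1 ;;
    esac
    return "$bad"
}

loopback_rules() {   # the thread's rules with -o dropped from INPUT and -i from OUTPUT
    cat <<'EOF'
iptables -A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -p ALL -j ACCEPT
iptables -A OUTPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -o lo -p ALL -j ACCEPT
iptables -A INPUT -s 127.0.0.0/8 -d 0/0 -p ALL -j REJECT
iptables -A OUTPUT -s 0/0 -d 127.0.0.0/8 -p ALL -j REJECT
EOF
}

lint_all() {   # reads rules on stdin, prints how many fail the lint
    fails=0
    while IFS= read -r line; do
        lint_rule "$line" >/dev/null || fails=$((fails + 1))
    done
    echo "$fails"
}

# Demo on a constructed rule with both mistakes, then on the corrected set.
lint_rule 'iptables -A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -o lo -p ALL -j ACCPET' || true
echo "corrected rules failing lint: $(loopback_rules | lint_all)"
```

The two ACCEPT rules for `lo` have to be appended before the REJECT rules, because iptables evaluates each chain from top to bottom and stops at the first match.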