
Re: Spoofing



Imagine your fw with this rule (192.168.10.0 is supposed to be your network):

    # aka deny all IP addresses except the ones of your network
    iptables -A INPUT -s ! 192.168.10.0/24 -j DROP

By spoofing, the attacker can elude this rule, since your system thinks the packet is coming from inside. You can solve this issue using rp_filter (you are expecting to receive packets with a certain source network address on a network interface, but you got a different IP, so DROP).

Regarding your second question, the answer is: NO, you can't obtain the real IP address.

bye


Niclas Englund wrote:
Thanks for the answer.
But why does he want to act like he belongs to my network??? Can I get his real IP address? If I didn't have this firewall, would my router think that he belongs to my network???


-----Original Message-----
From: Riccardo Tortorici <riccardo.tortorici@email.it>
To: debian-firewall@lists.debian.org
Date: Fri, 24 Sep 2004 13:19:46 +0200
Subject: Re: Spoofing

You said it! This is spoofing: someone sends packets to your IP with a nonexistent IP in the "Source IP Address" field of the packet's header, guessing that the IP address exists in your network. That's it.

Niclas Englund wrote:

I got this in a mail from my firewall: "Message: IP Spoofing Source: 192.168.0.101, 2240 Destination:X.X.XX, 6882 (from WAN Inbound)", where XXXX is my IP. How could this be possible??? None of my computers has this IP address.
/Niclas





--
- Riccardo Tortorici -
Linux Registered User #365170
Count yourself @ http://counter.li.org/ !
--
HTML email can be dangerous, is not always readable, wastes bandwidth and is simply not necessary please don't send them to me!
If you don't know what I'm talking about please read this:

http://www.georgedillon.com/web/netiquette.shtml#charity
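
Added example (not part of the original thread): a small model of why the source-only iptables rule quoted above accepts a spoofed packet while a strict reverse-path check, the idea behind rp_filter, drops it. The interface names eth0 (WAN) and eth1 (LAN), the routing table and the sample packets are constructed assumptions; only 192.168.10.0/24 comes from the message.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.10.0/24")  # network from the rule in the message

# Constructed routing table: (destination network, outgoing interface).
ROUTES = [
    (LAN, "eth1"),                                 # assumed LAN interface
    (ipaddress.ip_network("0.0.0.0/0"), "eth0"),   # assumed WAN / default route
]

def best_route(addr, routes=ROUTES):
    """Longest-prefix match: the interface used to send a reply to addr."""
    ip = ipaddress.ip_address(addr)
    matches = [(net.prefixlen, iface) for net, iface in routes if ip in net]
    return max(matches)[1] if matches else None

def source_only_rule(src):
    """Model of the quoted rule: it looks at the source address and nothing else."""
    return "ACCEPT" if ipaddress.ip_address(src) in LAN else "DROP"

def strict_rpf(src, in_iface, routes=ROUTES):
    """Strict reverse-path check: accept only if the route back to the
    source leaves through the interface the packet arrived on."""
    return "ACCEPT" if best_route(src, routes) == in_iface else "DROP"

# Constructed sample packets: (source address, arrival interface).
PACKETS = [
    ("192.168.10.5", "eth1"),   # genuine LAN host
    ("192.168.10.5", "eth0"),   # LAN source address arriving from the WAN
    ("203.0.113.7", "eth0"),    # ordinary Internet host
]

def compare(packets=PACKETS):
    """Return (src, iface, source-only verdict, strict RPF verdict) per packet."""
    return [(s, i, source_only_rule(s), strict_rpf(s, i)) for s, i in packets]

if __name__ == "__main__":
    for row in compare():
        print("%-14s in=%-4s source-only=%-6s rp_filter=%s" % row)
```

The second packet is the case discussed in the thread: the source-only rule accepts it, while the reverse-path check drops it because the reply route for that source leaves via eth1, not eth0.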


