
Re: Spoofing



In my firewall script I create a chain dedicated to spoofed packets:
EXTIF="eth0"
# EGO is this host's own external address. The original post uses it without
# defining it, so require it to be set rather than guessing a value.
EGO="${EGO:?set EGO to the external address of this host}"
LOOPBACK="127.0.0.0/8"
CLASS_A="10.0.0.0/8"
CLASS_B="172.16.0.0/12"
CLASS_C="192.168.0.0/16"
CLASS_D_MULTICAST="224.0.0.0/4"
CLASS_E_RESERVED_NET="240.0.0.0/4"   # Class E is 240.0.0.0/4 (240-255), not /5

iptables -N spoof
# A packet arriving on the external interface must never carry our own
# address, an RFC 1918 private range, multicast, reserved space or loopback
# as its source.
iptables -A spoof -i $EXTIF -s $EGO -j DROP
iptables -A spoof -i $EXTIF -s $CLASS_A -j DROP
iptables -A spoof -i $EXTIF -s $CLASS_B -j DROP
iptables -A spoof -i $EXTIF -s $CLASS_C -j DROP
iptables -A spoof -i $EXTIF -s $CLASS_D_MULTICAST -j DROP
iptables -A spoof -i $EXTIF -s $CLASS_E_RESERVED_NET -j DROP
iptables -A spoof -i $EXTIF -s $LOOPBACK -j DROP
# Nothing from outside may be addressed to loopback either.
iptables -A spoof -i $EXTIF -d $LOOPBACK -j DROP

# Check both locally delivered and forwarded traffic, or the chain only
# protects the firewall itself and not the hosts behind it.
iptables -A INPUT -i $EXTIF -j spoof
iptables -A FORWARD -i $EXTIF -j spoof

You could use this rule too; it is a good thing to log packets before dropping them.



On Fri, 24 Sep 2004 23:04:06 +1000, Daniel Pittman <daniel@rimspace.net> wrote:
> On 24 Sep 2004, Niclas Englund wrote:
> > Thanks for the answer. But why does he wants to act like he belongs to
> > my network???
> 
> Because your firewall may incorrectly permit those packets through,
> resulting in your firewall rules being (partially) bypassed.
> 
> > Can i get his real IP-adress?
> 
> No. Your ISP, and every other ISP in the chain, may be able to, but it
> is extremely non-trivial.
> 
> > If i dident have this firewall would my router think that he belongs
> > to my network???
> 
> Yes, in many cases.
> 
> Also, this situation may occur in cases where the routing is temporarily
> broken, and your router sent the packets out the wrong interface where
> they are correctly sent back.  That is rather uncommon, however.
> 
>         Daniel
> --
> I Dream Of Rain
> I Dream Of Gardens In The Desert Sand
> I Wake In Pain
> I Dream Of Love As Time Runs Through My Hand
>         -- Sting, _Desert Rose_
> 
> 
> 
> 

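The anti-spoofing chain above, with the logging the reply recommends, as an added example that is not code from the original post or from either poster. It assumes the same external interface name ("eth0") and an illustrative public address for EGO (203.0.113.10, from a documentation prefix). It has two parts: a pure-shell check that tells you whether a given source address would be treated as spoofed, so the prefix list can be tested without touching a live firewall, and a generator for the iptables rules, which logs at a bounded rate before dropping. The prefix list goes beyond the original: it adds 0.0.0.0/8 and link-local 169.254.0.0/16, and uses the full Class E block 240.0.0.0/4.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes EXTIF=eth0 and an
# illustrative EGO; adjust both before use.

EXTIF="eth0"
EGO="203.0.113.10"   # assumption: this host's own external address

# Source prefixes that must never arrive on the external interface.
SPOOF_NETS="
0.0.0.0/8
10.0.0.0/8
127.0.0.0/8
169.254.0.0/16
172.16.0.0/12
192.168.0.0/16
224.0.0.0/4
240.0.0.0/4
"

# Dotted quad -> 32-bit integer.
ip2int() {
    set -- $(printf '%s' "$1" | tr '.' ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr ADDR NET/BITS: succeed when ADDR lies inside the prefix.
in_cidr() {
    cnet=${2%/*}
    cbits=${2#*/}
    cmask=$(( (0xffffffff << (32 - cbits)) & 0xffffffff ))
    [ $(( $(ip2int "$1") & cmask )) -eq $(( $(ip2int "$cnet") & cmask )) ]
}

# is_spoofed_src ADDR: succeed when a packet from ADDR on $EXTIF would be dropped.
is_spoofed_src() {
    [ "$1" = "$EGO" ] && return 0
    for net in $SPOOF_NETS; do
        in_cidr "$1" "$net" && return 0
    done
    return 1
}

# spoof_rules: print the iptables commands. Matching happens in INPUT and
# FORWARD, and the chain itself only logs and drops, so every forged packet
# is recorded exactly once; the limit match keeps a flood from filling syslog.
spoof_rules() {
    echo "iptables -N spoof"
    echo "iptables -A spoof -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix \"spoof: \""
    echo "iptables -A spoof -j DROP"
    echo "iptables -A INPUT -i $EXTIF -s $EGO -j spoof"
    echo "iptables -A FORWARD -i $EXTIF -s $EGO -j spoof"
    for net in $SPOOF_NETS; do
        echo "iptables -A INPUT -i $EXTIF -s $net -j spoof"
        echo "iptables -A FORWARD -i $EXTIF -s $net -j spoof"
    done
    echo "iptables -A INPUT -i $EXTIF -d 127.0.0.0/8 -j spoof"
}

# Usage (as root, on the firewall):   spoof_rules | sh
# Dry check of a single address:      is_spoofed_src 10.1.2.3 && echo "would be dropped"
```

Keeping the match conditions in INPUT/FORWARD and the chain as a plain log-then-drop tail is what makes a single LOG rule sufficient; putting the LOG inside each per-prefix rule, as the original layout would require, doubles the rule count for no gain. The check function is useful when the prefix list is edited: run it against an address you expect to be allowed, such as the address of your own upstream router, before loading the rules.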

