
Re: Attempt on smtpd / faking remote ip



Hi Ralph,

thanks for the hint.

At 23:59 +0200 04.04.2004, Ralph Paßgang wrote:
> you should also filter out 127.0.0.0/8 on any network interface but "lo".
>
> so that spoofing with localhost-addresses is not possible anymore.
>
> ( for example:
> iptables -A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -o lo -p ALL -j ACCEPT
> iptables -A OUTPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -o lo -p ALL -j ACCEPT
> iptables -A INPUT -s 127.0.0.0/8 -d 0/0 -p ALL -j REJECT
> iptables -A OUTPUT -s 0/0 -d 127.0.0.0/8 -p ALL -j REJECT

I did it like this, but after the first line iptables said: "cannot use parameter -o with INPUT" (or something like this - I can't remember exactly).

So I left out "-o lo" at the INPUT rule, and also left out "-i lo" at the OUTPUT rule. Then everything was fine. Now I hope that it'll do what it is supposed to.

> and for the mail script you use... check your weblog for the time you saw the
> mysterious connections in postfix. If there was something you should see the
> hits in the access.log

I had checked it before my last posting: no entries.

Thanks again,
Andreas

--
procommerz - Internet for businesses
http://www.procommerz.de | 033925-90710

Stop TCPA, Microsoft's censorship system! | http://www.againsttcpa.com
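
The rule set the message arrives at (no -o on INPUT, no -i on OUTPUT), with a check for that chain/interface mistake and for rule order, as an added example that is not part of the original posting. The function names loopback_rules, lint_rule, lint_all and order_ok are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original message). Nothing is applied unless
# the script is called with --apply as root; function names are made up here.

# Rule set with the interface matches split per chain: INPUT can match only
# the inbound interface (-i), OUTPUT only the outbound interface (-o).
loopback_rules() {
    cat <<'EOF'
-A INPUT -i lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT
-A OUTPUT -o lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT
-A INPUT -s 127.0.0.0/8 -j REJECT
-A OUTPUT -d 127.0.0.0/8 -j REJECT
EOF
}

# lint_rule RULE: return 1 when a rule uses an interface match its chain
# cannot have (the error iptables reported in the message), else 0.
lint_rule() {
    case " $1 " in
        *" -A INPUT "*" -o "*)  echo "INPUT cannot use -o: $1" >&2; return 1 ;;
        *" -A OUTPUT "*" -i "*) echo "OUTPUT cannot use -i: $1" >&2; return 1 ;;
    esac
    return 0
}

# lint_all: lint every rule on stdin; non-zero if any rule fails.
lint_all() {
    rc=0
    while IFS= read -r rule; do
        lint_rule "$rule" || rc=1
    done
    return "$rc"
}

# order_ok CHAIN: rules on stdin. -A appends and the first match wins, so the
# ACCEPT for lo has to come before the REJECT within the same chain.
order_ok() {
    awk -v c="$1" '
        $2 == c && $NF == "ACCEPT" && !a { a = NR }
        $2 == c && $NF == "REJECT" && !r { r = NR }
        END { exit !(a && r && a < r) }'
}

if [ "${1:-}" = "--apply" ]; then
    loopback_rules | lint_all || exit 1
    loopback_rules | while IFS= read -r rule; do
        iptables $rule || exit 1   # unquoted on purpose: split into arguments
    done
fi
```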


