[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Rejecting connections to 127.0.0.1 from eth0

> Michael Loftis wrote:
> > Either way, something more nefarious than a portscan is going on if
> > the DEST IP is not one of yours.  if the *SOURCE* IP is 127.0.0.1
> > (which I find more likely) then that's just spoofed packets and you
> > need better ingress/egress filtering at the borders of your network.

On 11.11.06 16:19, Matt Cuttler wrote:
> Regardless, you probably want to keep those two iptables rules in place
> (the two rules that drop traffic with source and dest address of
> 127.0.0.1 on interfaces ! = lo).

I think rp_filter turned on should be enough for the case source IP is
localhost. Debian turns it on by default (although this was already reported
as not RFC compliant) and it causes computer to drop all packets that come
from different interface than it belongs according to source address.

If 127.0.0.1 is the destination address, I am not sure if host not set up as
router will accept such packets (iirc, on solaris routing meant forwarding
packets between interfaces, so they wouldn't even reach looopback).

-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
LSD will make your ECS screen display 16.7 million colors
Reply to: