
Re: Fw: Can a daemon listen only on some interfaces?



"Phillip Hofmeister" <plhofmei@svsu.edu> writes:

[snip]
> >       If an attacker in the same network sets a route like that:
> >
> >         127.0.0.1  Gateway <your official ip address>   Interface <his
> >         external interface>
> Couldn't this be countered with:
> ipchains -i !lo -d 127.0.0.1 -j DENY
> ?

Better,
        iptables -A INPUT -m state --state INVALID -j LOG
        iptables -A INPUT -m state --state INVALID -j DROP

(and OUTPUT as well, for those paranoid enough to do egress filtering).

Also,
        for f in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 1 > "$f"; done
with    for f in /proc/sys/net/ipv4/conf/*/log_martians; do echo 1 > "$f"; done
for logging/fun purposes.

~Tim
-- 
Another day,                                |piglet@stirfried.vegetable.org.uk
Another kernel recompile                    |http://spodzone.org.uk/
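The two measures in Tim's reply (a loopback anti-spoofing rule in iptables form, the INVALID-state log/drop pair, and rp_filter/log_martians on every interface) gathered into one reviewable script, with a check that reads the knobs back. This is an added example, not code from the original thread or from any of its posters; it assumes iptables with the "state" match, an IPv4-only /proc/sys/net/ipv4/conf tree and a POSIX sh, and the DRY_RUN switch and PROC_CONF variable are this script's own inventions so the commands can be reviewed (and the check exercised against a constructed directory) without root.

```shell
#!/bin/sh
# Added example, not code from the original thread.
# Assumes: iptables with the "state" match, an IPv4 /proc/sys/net/ipv4/conf
# tree, and a POSIX sh. DRY_RUN and PROC_CONF are this script's own knobs.

DRY_RUN="${DRY_RUN:-1}"                              # 1 = print, 0 = apply
PROC_CONF="${PROC_CONF:-/proc/sys/net/ipv4/conf}"    # per-interface sysctls

# Print the command line in dry-run mode, execute it otherwise.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# The ipchains "-i !lo -d 127.0.0.1 -j DENY" idea translated to iptables and
# widened to the whole 127/8 block in both directions, plus the INVALID-state
# log/drop pair from the reply on INPUT (and DROP on OUTPUT for egress).
antispoof_rules() {
    run iptables -A INPUT ! -i lo -d 127.0.0.0/8 -j DROP
    run iptables -A INPUT ! -i lo -s 127.0.0.0/8 -j DROP
    run iptables -A INPUT -m state --state INVALID -j LOG --log-prefix INVALID:
    run iptables -A INPUT -m state --state INVALID -j DROP
    run iptables -A OUTPUT ! -o lo -s 127.0.0.0/8 -j DROP
    run iptables -A OUTPUT -m state --state INVALID -j DROP
}

# "echo 1 > .../*/rp_filter" does not work: a glob in a redirection target is
# an ambiguous redirect as soon as it matches more than one file. Loop instead.
sysctl_knobs() {
    for f in "$PROC_CONF"/*/rp_filter "$PROC_CONF"/*/log_martians; do
        [ -e "$f" ] || continue            # an unmatched glob stays literal
        if [ "$DRY_RUN" = 1 ]; then
            printf 'echo 1 > %s\n' "$f"
        else
            echo 1 > "$f"
        fi
    done
}

# Check: name every interface whose rp_filter is still 0. Returns 1 if any.
check_rp_filter() {
    rc=0
    for f in "$PROC_CONF"/*/rp_filter; do
        [ -e "$f" ] || continue
        if [ "$(cat "$f")" = 0 ]; then
            printf 'rp_filter is off on %s\n' "$(basename "$(dirname "$f")")"
            rc=1
        fi
    done
    return "$rc"
}

# Stand-alone: DRY_RUN=1 ./antispoof.sh to review, DRY_RUN=0 as root to apply.
antispoof_rules
sysctl_knobs
check_rp_filter || echo "warning: rp_filter is not enabled on every interface"
```

One caveat before setting DRY_RUN=0 on a real box: rp_filter drops any packet whose source address would not be routed back out the interface it arrived on, so a host with asymmetric routing (two uplinks, policy routing) will silently lose legitimate traffic until you relax it per interface; log_martians is what tells you that is happening.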


