
Re: Fw: Can a daemon listen only on some interfaces?

"Phillip Hofmeister" <plhofmei@svsu.edu> writes:

> >       If an attacker in the same network sets a route like that:
> >
> >  Gateway <your official ip address>   Interface <his
> >         external interface>
> Couldn't this be countered with:
> ipchains -i !lo -d -j DENY
> ?

        iptables -A INPUT -m state --state INVALID -j LOG
        iptables -A INPUT -m state --state INVALID -j DROP

(and OUTPUT as well, for those paranoid enough to do egress filtering).

        for f in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 1 > "$f"; done
with    for f in /proc/sys/net/ipv4/conf/*/log_martians; do echo 1 > "$f"; done
for logging/fun purposes.

Another day,                                |piglet@stirfried.vegetable.org.uk
Another kernel recompile                    |http://spodzone.org.uk/
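
A check for the two /proc settings in the message above, added here as an example and not part of the original post: it reports interfaces whose effective rp_filter is not strict, using the kernel rule that the larger of conf/all and the per-interface value applies. `CONF_ROOT` and the function names are this example's own.

```shell
#!/bin/sh
# Added example: report interfaces whose effective rp_filter is not strict (1).
# CONF_ROOT is an assumption of this example; it lets the check run against
# a copy of the sysctl tree as well as the live /proc.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

# Print a sysctl file's value, or 0 when it is missing or unreadable.
read_val() {
    if [ -r "$1" ]; then cat "$1"; else echo 0; fi
}

# The kernel validates sources with max(conf/all, conf/<iface>):
# 0 = off, 1 = strict, 2 = loose.
effective_rp_filter() {
    all=$(read_val "$CONF_ROOT/all/rp_filter")
    own=$(read_val "$CONF_ROOT/$1/rp_filter")
    if [ "$all" -gt "$own" ]; then echo "$all"; else echo "$own"; fi
}

# Martian logging is on when either conf/all or conf/<iface> is non-zero.
effective_log_martians() {
    all=$(read_val "$CONF_ROOT/all/log_martians")
    own=$(read_val "$CONF_ROOT/$1/log_martians")
    if [ "$all" -ne 0 ] || [ "$own" -ne 0 ]; then echo 1; else echo 0; fi
}

# One line per interface that is not in strict mode; no output means all strict.
audit_rp_filter() {
    for dir in "$CONF_ROOT"/*/; do
        [ -d "$dir" ] || continue
        iface=$(basename "$dir")
        case "$iface" in all|default) continue ;; esac
        rp=$(effective_rp_filter "$iface")
        [ "$rp" -eq 1 ] && continue
        echo "$iface rp_filter=$rp log_martians=$(effective_log_martians "$iface")"
    done
    return 0
}

audit_rp_filter
```

Because the larger value wins, a conf/all/rp_filter of 2 leaves every interface in loose mode even when its own file holds 1.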
