Re: Fw: Can a daemon listen only on some interfaces?
Please don't answer to the list _and_ to me. Thank you.
At 09.12.2001, Tim Haynes wrote:
> "Phillip Hofmeister" <plhofmei@svsu.edu> writes:
> [snip]
> > > If an attacker in the same network sets a route like that:
> > >
> > > 127.0.0.1 Gateway <your official ip address> Interface <his
> > > external interface>
> > Couldn't this be countered with:
> > ipchains -i !lo -d 127.0.0.1 -j DENY
> > ?
> Better,
> iptables -A INPUT -m state --state INVALID -j LOG
> iptables -A INPUT -m state --state INVALID -j DROP
Don't know much about iptables.
> (and OUTPUT as well, for those paranoid enough to do egress filtering).
>
> Also,
> echo 1 > /proc/sys/net/ipv4/conf/*/rp_filter
> with echo 1 > /proc/sys/net/ipv4/conf/*/log_martians
> for logging/fun purposes.
rp_filter will not help with that.
Regards, Guido
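
The per-interface settings and the loopback-destination filter quoted in this thread, written out as an added example that is not part of the original messages. `CONF_ROOT`, `set_conf_flag` and `loopback_rules` are names assumed here for illustration, and the iptables form widens the quoted ipchains rule from 127.0.0.1 to all of 127.0.0.0/8.

```shell
#!/bin/sh
# Added example, not from the thread. CONF_ROOT and both function names are
# assumptions; point CONF_ROOT at a scratch directory to dry-run without root.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

# set_conf_flag KEY VALUE
# Writes VALUE to KEY under every interface directory (all, default, eth0, ...).
# A single redirect to conf/*/KEY does not do this: with several interfaces the
# glob matches several files and bash rejects it as an ambiguous redirect.
set_conf_flag() {
    key=$1
    value=$2
    rc=0
    for dir in "$CONF_ROOT"/*/; do
        [ -e "${dir}${key}" ] || continue      # this interface lacks the key
        if ! printf '%s\n' "$value" > "${dir}${key}"; then
            echo "cannot write ${dir}${key}" >&2
            rc=1
        fi
    done
    return $rc
}

# loopback_rules
# Prints (does not apply) iptables commands that log, then drop, any packet
# addressed to 127.0.0.0/8 that arrives on an interface other than lo.
loopback_rules() {
    for target in LOG DROP; do
        echo "iptables -A INPUT ! -i lo -d 127.0.0.0/8 -j $target"
    done
}

# Typical use as root:
#   set_conf_flag rp_filter 1
#   set_conf_flag log_martians 1
#   loopback_rules | sh
```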