
Re: Fw: Can a daemon listen only on some interfaces?



Please don't answer to the list _and_ to me. Thank you.

At 09.12.2001, Tim Haynes wrote:
> "Phillip Hofmeister" <plhofmei@svsu.edu> writes:
> [snip]
> > >       If an attacker in the same network sets a route like that:
> > >
> > >         127.0.0.1  Gateway <your official ip address>   Interface <his
> > >         external interface>
> > Couldn't this be countered with:
> > ipchains -i !lo -d 127.0.0.1 -j DENY
> > ?
> Better,
>         iptables -A INPUT -m state --state INVALID -j LOG
>         iptables -A INPUT -m state --state INVALID -j DROP

Don't know much about iptables.

> (and OUTPUT as well, for those paranoid enough to do egress filtering).
> 
> Also,
>         echo 1 > /proc/sys/net/ipv4/conf/*/rp_filter
> with    echo 1 > /proc/sys/net/ipv4/conf/*/log_martians
> for logging/fun purposes.

rp_filter will not help with that.

Regards, Guido
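
A simplified model of the two checks discussed above, added here as an example; it is not part of the thread and not kernel or netfilter code. It shows that a strict reverse-path check looks only at the source address, while a destination rule bound to the interface catches loopback-addressed traffic arriving from the LAN. The routing table, the addresses (RFC 5737 documentation range) and all function names are constructed assumptions, and the guard covers all of 127.0.0.0/8 rather than only 127.0.0.1.

```python
import ipaddress

# Constructed routing table of the protected host: (prefix, interface).
ROUTES = [
    ("127.0.0.0/8", "lo"),
    ("192.0.2.0/24", "eth0"),  # local LAN
    ("0.0.0.0/0", "eth0"),     # default route
]

def route_iface(addr, routes=ROUTES):
    """Longest-prefix match: interface the host would use to reach addr."""
    ip = ipaddress.ip_address(addr)
    nets = [(ipaddress.ip_network(prefix), iface) for prefix, iface in routes]
    matches = [(net, iface) for net, iface in nets if ip in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def rp_filter_accepts(pkt):
    """Strict reverse-path check: the route back to the SOURCE must leave
    through the interface the packet arrived on. The destination is ignored."""
    return route_iface(pkt["src"]) == pkt["iface"]

def loopback_guard_accepts(pkt):
    """Destination rule: 127.0.0.0/8 is only acceptable on lo."""
    dst_is_loopback = ipaddress.ip_address(pkt["dst"]).is_loopback
    return pkt["iface"] == "lo" or not dst_is_loopback

# Constructed sample packets, keyed by a description.
PACKETS = {
    "LAN neighbour -> 127.0.0.1 via eth0": {"iface": "eth0", "src": "192.0.2.66", "dst": "127.0.0.1"},
    "local process -> 127.0.0.1 via lo": {"iface": "lo", "src": "127.0.0.1", "dst": "127.0.0.1"},
    "spoofed 127.0.0.1 source via eth0": {"iface": "eth0", "src": "127.0.0.1", "dst": "192.0.2.10"},
    "ordinary LAN traffic": {"iface": "eth0", "src": "192.0.2.66", "dst": "192.0.2.10"},
}

def evaluate(packets=PACKETS):
    """Return {description: (rp_filter verdict, destination-rule verdict)}."""
    return {name: (rp_filter_accepts(p), loopback_guard_accepts(p))
            for name, p in packets.items()}

if __name__ == "__main__":
    for name, (rp, guard) in evaluate().items():
        print(f"{name:38} rp_filter={'pass' if rp else 'drop'}"
              f"  dst-rule={'pass' if guard else 'drop'}")
```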


