List: suse-security
Subject: Re: [suse-security] host.deny and spoofing
From: Robert Davies <rob_davies () ntlworld ! com>
Date: 2002-02-05 12:01:52
On Tuesday 05 February 2002 11:44, Praise wrote:
> At 08:13, Tuesday 5 February 2002, John Andersen wrote:
> > On Monday 04 February 2002 05:37 am, Robert Davies wrote:
> It does not route to 127.0.0.1. It routes FROM 127.0.0.1, sometimes.
The kernel's rp_filter should detect this; it's turned on without me taking
action on my SuSE system (perhaps by the firewall scripts, though I haven't
noticed them setting this). Previously, with Red Hat 6, I had to enable it
myself like this:
# Enable Anti-Spoof protection - sets source route verification
for f in all default eth0 lo
do
    echo 1 > /proc/sys/net/ipv4/conf/$f/rp_filter
done
# Disable on internal interfaces, as we can have asymmetric routing
for f in eth1 eth2
do
    echo 0 > /proc/sys/net/ipv4/conf/$f/rp_filter
done
Now I just checked it under a SuSE dialup system using SuSE personal firewall,
and I have:
oak:/work/dist/firewall # for iface in /proc/sys/net/ipv4/conf/*/rp_filter
> do echo "$iface `cat $iface`"
> done
/proc/sys/net/ipv4/conf/all/rp_filter 1
/proc/sys/net/ipv4/conf/default/rp_filter 1
/proc/sys/net/ipv4/conf/eth0/rp_filter 1
/proc/sys/net/ipv4/conf/eth1/rp_filter 1
/proc/sys/net/ipv4/conf/lo/rp_filter 1
/proc/sys/net/ipv4/conf/ppp0/rp_filter 1
Rob
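
Added example, not part of the original message: a shell audit of the same /proc entries that reports the effective rp_filter mode per interface. It assumes the rule in current kernels' ip-sysctl documentation, where the larger of conf/all and conf/<iface> is used, so a per-interface 0 does not switch filtering off while all is 1. The function names are hypothetical.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the message.
# Assumption: the kernel applies max(conf/all/rp_filter, conf/<iface>/rp_filter)
# to each interface. Modes: 0 = off, 1 = strict, 2 = loose.

# effective_rp_filter CONF_DIR IFACE -> prints the mode the kernel will apply
effective_rp_filter() {
    conf=$1
    iface=$2
    all=$(cat "$conf/all/rp_filter") || return 1
    own=$(cat "$conf/$iface/rp_filter") || return 1
    if [ "$all" -gt "$own" ]; then echo "$all"; else echo "$own"; fi
}

# audit_rp_filter [CONF_DIR] -> one line per interface:
#   <iface> configured=<n> effective=<n>[ (note)]
# Returns 1 if any interface ends up with no source validation at all.
audit_rp_filter() {
    conf=${1:-/proc/sys/net/ipv4/conf}
    rc=0
    for d in "$conf"/*; do
        [ -f "$d/rp_filter" ] || continue
        iface=$(basename "$d")
        # "all" and "default" are templates, not real interfaces
        case $iface in all|default) continue ;; esac
        own=$(cat "$d/rp_filter") || continue
        eff=$(effective_rp_filter "$conf" "$iface") || continue
        note=
        if [ "$own" -ne "$eff" ]; then
            note=" (per-interface value overridden by all)"
        fi
        if [ "$eff" -eq 0 ]; then
            note=" (no source validation)"
            rc=1
        fi
        echo "$iface configured=$own effective=$eff$note"
    done
    return $rc
}
```

Source the file and run audit_rp_filter with no argument to check the live system; pass a directory to audit a copied tree.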