"Phillip Hofmeister" <[EMAIL PROTECTED]> writes:

[snip]
> > If an attacker in the same network sets a route like that:
> >
> > 127.0.0.1 Gateway <your official ip address> Interface <his external interface>
>
> Couldn't this be countered with:
> ipchains -i !lo -d 127.0.0.1 -j DENY
> ?

Better,

    iptables -A INPUT -m state --state INVALID -j LOG
    iptables -A INPUT -m state --state INVALID -j DROP

(and OUTPUT as well, for those paranoid enough to do egress filtering).

Also,

    for f in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 1 > "$f"; done

with

    for f in /proc/sys/net/ipv4/conf/*/log_martians; do echo 1 > "$f"; done

for logging/fun purposes.

~Tim
-- 
Another day, |[EMAIL PROTECTED]
Another kernel recompile |http://spodzone.org.uk/
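
An added example, not part of the original message: a small audit of the rp_filter and log_martians settings mentioned above, reporting the effective value per interface. The function names `audit_conf` and `make_sample_tree` are hypothetical, the sample tree is constructed, and the block assumes the current kernel rule that the larger of conf/all and conf/<iface> applies.

```shell
#!/bin/sh
# Added example. Real use: audit_conf /proc/sys/net/ipv4/conf
# Assumption: the effective setting on an interface is the larger of
# conf/all/<key> and conf/<iface>/<key> (0 = off, 1 = on).

# Print "<iface> rp_filter=<n> log_martians=<n>" for every interface under
# ROOT; return 1 if any interface ends up with rp_filter effectively 0.
audit_conf() {
    root=$1
    rc=0
    all_rp=$(cat "$root/all/rp_filter")
    all_lm=$(cat "$root/all/log_martians")
    for dir in "$root"/*; do
        [ -d "$dir" ] || continue
        iface=$(basename "$dir")
        # "all" and "default" are templates, not interfaces.
        case $iface in all|default) continue ;; esac
        rp=$(cat "$dir/rp_filter")
        lm=$(cat "$dir/log_martians")
        if [ "$all_rp" -gt "$rp" ]; then rp=$all_rp; fi
        if [ "$all_lm" -gt "$lm" ]; then lm=$all_lm; fi
        echo "$iface rp_filter=$rp log_martians=$lm"
        if [ "$rp" -eq 0 ]; then rc=1; fi
    done
    return $rc
}

# Build a constructed stand-in for /proc/sys/net/ipv4/conf so the audit
# can be run without root. Entries are name:rp_filter:log_martians.
make_sample_tree() {
    t=$(mktemp -d)
    for spec in all:0:0 default:0:0 eth0:1:1 eth1:0:0; do
        name=${spec%%:*}
        rest=${spec#*:}
        mkdir -p "$t/$name"
        echo "${rest%%:*}" > "$t/$name/rp_filter"
        echo "${rest#*:}" > "$t/$name/log_martians"
    done
    echo "$t"
}

sample=$(make_sample_tree)
audit_conf "$sample" || echo "warning: an interface has rp_filter disabled"
rm -rf "$sample"
```
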