Mikko Lyly wrote: > i know this proly does not belong in this list but if any one has an idea why i am >geting this please tell! > > i keep geting this stuff to kernel logs > > Forged DCC command from 10.255.128.4: 62.71.235.143:10388 > Forged DCC command from 10.255.128.4: 62.71.235.143:10388 > Forged DCC command from 10.255.128.4: 62.71.235.143:10347 > Forged DCC command from 10.255.128.4: 62.71.235.143:10378 > Forged DCC command from 10.255.128.4: 62.71.235.143:10336 >
Hmm IIRC the reason is the remote site not masquerading proper. DCC transfer requests contain the ip, so if the remote person is masquerading his traffic but not also changing the ip contained in the dcc request iptables refuses to accept the connection as related because the two ips differ. The RELATED expectation is made by the connection tracking helper which parses the dcc requests. If it would accept it, it would allow 10.255.128.4 to connect to some port on your system, so someone evil could easily cirumvent your packet filter rules by sending forged dcc requests. Bye, Patrick _______________________________________________ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
