Also try this - taken from IPCHAINS howto and the SuSE 6.4 manual - I seem
to remember...
#!/bin/sh
# *************************************************************************
# IP Spoof Protection
# *************************************************************************
# 5.7. How Do I Set Up IP Spoof Protection?
# IP spoofing is a technique where a host sends out packets which claim
# to be from another host. Since packet filtering makes decisions based
# on this source address, IP spoofing is used to fool packet filters.
# It is also used to hide the identity of attackers using SYN attacks,
# Teardrop, Ping of Death and the like (don't worry if you don't know
# what they are).
# The best way to protect from IP spoofing is called Source Address
# Verification, and it is done by the routing code, and not firewalling
# at all. Look for a file called /proc/sys/net/ipv4/conf/all/rp_filter.
# If this exists, then turning on Source Address Verification at every
# boot is the right solution for you. To do that, insert the following
# lines somewhere in your init scripts, before any network interfaces
# are initialized:
# This is the best method: turn on Source Address Verification and get
# spoof protection on all current and future interfaces.
if [ -e /proc/sys/net/ipv4/conf/all/rp_filter ]; then
    /bin/echo "Setting up IP spoofing protection..." >> /var/log/messages
    # Write 1 to the rp_filter entry of every interface directory
    for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
        /bin/echo 1 > "$f"
        # /bin/echo "Setting $f..." >> /var/log/messages
    done
    /bin/echo >> /var/log/messages
else
    /bin/echo "PROBLEMS SETTING UP IP SPOOFING PROTECTION..." >> /var/log/messages
    /bin/echo "PROBLEMS SETTING UP IP SPOOFING PROTECTION..."
    # /bin/echo "CONTROL-D will exit from this shell and continue system startup."
    # /bin/echo
    # Start a single user shell on the console
    # /sbin/sulogin $CONSOLE
fi
This is the SuSE 6.4 method slightly adjusted. I've commented out the
comments!!.
Regards,
Bruce.
>On 22-May-2000 D.S. Hodgson (Administrator) wrote:
>> I'm sorry, I know this is a slightly stupid question, but I can't find the
>> documentation on the rp_filter "option" in the kernel for filtering
>> spoofing. I
>> know you can "set" it to 1 or 2 (or 0), but what's the difference?
>>
>> Any help would be appreciated, as would direction to where I find the
>> documentation (to avoid further such questions).
>
>/usr/src/linux/Documentation/networking/ip-sysctl.txt
>
>----------------------------------
>E-Mail: Milan P. Stanic <[EMAIL PROTECTED]>
>Key fingerprint = EA81 54A6 7F35 5A38 FCE6 9EF6 9D24 E68E 5C1D AF15
>----------------------------------
>-
>To unsubscribe from this list: send the line "unsubscribe linux-net" in
>the body of a message to [EMAIL PROTECTED]
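
A check to run after the boot script in the message above, added here as an example and not part of the original post: it reads each conf/*/rp_filter entry and reports any interface that is not set to 1. The function names and the optional directory argument are assumptions, introduced so the check can also be run against a constructed tree.

```sh
#!/bin/sh
# Added example (not from the original message): verify the result of the
# boot script by reading every conf/*/rp_filter entry.

# rp_filter_audit [conf_dir]
# Prints "<iface> <value> OK|NOT_SET" or "<iface> - MISSING" per interface.
# Returns 0 if every entry reads 1, 1 if any does not, 2 if nothing to check.
# conf_dir is an assumed optional argument so a constructed tree can be used.
rp_filter_audit() {
    conf_dir="${1:-/proc/sys/net/ipv4/conf}"
    rc=0
    seen=0
    for d in "$conf_dir"/*/; do
        [ -d "$d" ] || continue          # unmatched glob or not a directory
        seen=1
        iface=$(basename "$d")
        f="${d}rp_filter"
        if [ ! -r "$f" ]; then
            echo "$iface - MISSING"
            rc=1
            continue
        fi
        val=$(cat "$f")
        if [ "$val" = "1" ]; then
            echo "$iface $val OK"
        else
            echo "$iface $val NOT_SET"
            rc=1
        fi
    done
    if [ "$seen" -eq 0 ]; then
        echo "no interface directories under $conf_dir" >&2
        return 2
    fi
    return "$rc"
}

# Build a constructed sample tree (not real system state) with eth0 left at 0,
# and print its path.
rp_filter_sample_tree() {
    t=$(mktemp -d) || return 1
    for i in all default lo eth0; do
        mkdir -p "$t/$i"
        echo 1 > "$t/$i/rp_filter"
    done
    echo 0 > "$t/eth0/rp_filter"
    echo "$t"
}
```

Called with no argument, rp_filter_audit reads the live /proc/sys/net/ipv4/conf tree; its exit status can gate a later init step.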