On Fri, 20 Apr 2001, Ionut Bogdan wrote:

> 
> Hello!
> 
[...]
> 
> And btw, how can someone get to the gates of a server coming from the
> address 192.168.1.0???
> Because in the logs produced by ipchains I keep seeing one coming from
> this address, and it keeps trying
> the netbios port.... and I have no idea how it gets here with that
> address.

If it comes from the ``internet'', normally it shouldn't be able to use
this address and still have its packets routed, so it's clearly
spoofing ... I assume you have enabled spoofing protection for the
network interfaces you care about; if not:

1. Read in the IPCHAINS-HOWTO at

5.7 How Do I Set Up IP Spoof Protection?

and there it gives the procedure:

   The best way to protect from IP spoofing is called Source Address
   Verification, and it is done by the routing code, and not firewalling
   at all. Look for a file called /proc/sys/net/ipv4/conf/all/rp_filter.
   If this exists, then turning on Source Address Verification at every
   boot is the right solution for you. To do that, insert the following
   lines somewhere in your init scripts, before any network interfaces
   are initialized:

     # This is the best method: turn on Source Address Verification and get
     # spoof protection on all current and future interfaces.
     if [ -e /proc/sys/net/ipv4/conf/all/rp_filter ]; then
       echo -n "Setting up IP spoofing protection..."
       for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
           echo 1 > $f
       done
       echo "done."
     else
       echo PROBLEMS SETTING UP IP SPOOFING PROTECTION.  BE WORRIED.
       echo "CONTROL-D will exit from this shell and continue system startup."
       echo
       # Start a single user shell on the console
       /sbin/sulogin $CONSOLE
     fi

And please tell me if packets from 192.168.x.x still show up in the logs
after this. I'm curious how this kernel mechanism works.

> 
> As I was saying, any idea is super-welcome :)
> ByE!
> 

Cheers,

Bogdan M.
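
Added example, not part of the original message or of the HOWTO: a shell function for the follow-up check requested above, counting ipchains log entries on one interface whose source address is private (RFC 1918) or loopback. The log layout, the interface names (eth0, eth1), the function name and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Count logged packets with a private or loopback source on interface $1.
# Assumed ipchains kernel log layout (fields after "Packet log:"):
#   <chain> <action> <iface> PROTO=<n> <src>:<sport> <dst>:<dport> ...
spoofed_sources() {
    awk -v ext="$1" '
    {
        # Locate "Packet log:"; the fields after it have fixed positions.
        p = 0
        for (i = 1; i < NF; i++)
            if ($i == "Packet" && $(i + 1) == "log:") { p = i + 1; break }
        if (!p || $(p + 3) != ext) next           # other interface or no match
        src = $(p + 5); sub(/:[0-9]+$/, "", src)  # strip the source port
        split($(p + 6), d, ":")                   # d[2] is the destination port
        split(src, o, ".")
        if (o[1] == 10 || o[1] == 127 ||
            (o[1] == 172 && o[2] >= 16 && o[2] <= 31) ||
            (o[1] == 192 && o[2] == 168))
            hits[src " dport=" d[2]]++
    }
    END { for (k in hits) print hits[k], k }' | sort -k2
}

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG='Apr 20 10:01:02 gw kernel: Packet log: input DENY eth0 PROTO=17 192.168.1.0:137 203.0.113.5:137 L=78 S=0x00 I=4321 F=0x0000 T=113 (#4)
Apr 20 10:01:09 gw kernel: Packet log: input DENY eth0 PROTO=17 192.168.1.0:137 203.0.113.5:137 L=78 S=0x00 I=4322 F=0x0000 T=113 (#4)
Apr 20 10:02:11 gw kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.7:3345 203.0.113.5:139 L=48 S=0x00 I=991 F=0x4000 T=110 SYN (#4)
Apr 20 10:03:30 gw kernel: Packet log: input ACCEPT eth1 PROTO=17 192.168.1.20:137 192.168.1.255:137 L=78 S=0x00 I=77 F=0x0000 T=128 (#2)'

# Report private-source packets seen on the external interface (assumed eth0).
printf '%s\n' "$SAMPLE_LOG" | spoofed_sources eth0
```

Run it against the log slice taken before and after enabling rp_filter; entries on the internal interface are expected and are excluded by the interface argument.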

