On Tuesday 06 April 2004 17:37 you wrote:
Hi Ralph,
thanks for the hint.
[...]
I did it like this, but after the first line
iptables said: cannot use parameter -o with
INPUT (or something like this - I can't remember
exactly).
So I left out -o lo at the INPUT rule, and also
left
Hi Ralph,
thanks for the hint.
At 23:59 +0200 04.04.2004, Ralph Paßgang wrote:
you should also filter out 127.0.0.0/8 on any network interface but lo.
so that spoofing with localhost-addresses is not possible anymore.
( for example:
iptables -A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -o lo -p
On Tuesday 06 April 2004 17:37 you wrote:
Hi Ralph,
thanks for the hint.
[...]
I did it like this, but after the first line
iptables said: cannot use parameter -o with
INPUT (or something like this - I can't remember
exactly).
So I left out -o lo at the INPUT rule, and also
left
sorry, I forgot to put in the link after because you are German: :))
so here it is:
http://www.heise.de/security/result.xhtml?url=/security/artikel/43066words=Cookie
it's about syn floods and the syncookies thing :)
--Ralph
Hi folks,
today I got some strange messages in the log files. It's a quite
usual woody box (apache, some (about 15) POP accounts, no smtp
relaying, no ftp accounts, nothing exciting) with postfix installed
from .deb-package.
## snip #
Apr 4 07:11:15
Hi!
It looks like your friend is trying to inject packets into your smtp with
faked (spoofed) ips. In this particular case he sends as localhost.
I guess he does sequence-number guessing, so he assumes there is a
running connection and if he hits the sequence, he may do nasty things
with your
you should also filter out 127.0.0.0/8 on any network interface but lo.
so that spoofing with localhost-addresses is not possible anymore.
( for example:
iptables -A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -o lo -p ALL -j ACCEPT
iptables -A OUTPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -o lo -p
Hi Andreas,
thanks a lot for your hints.
At 12:54 +0200 04.04.2004, Andreas John wrote:
It looks like your friend is trying to inject packets into your smtp with
faked (spoofed) ips. In this particular case he sends as localhost. I guess
...
more likely that he tries to overflow postfix