Yes, but the kernel has to be compiled to support it (The default kernels
have this compiled in, so no worry)
-Original Message-
From: Tanner, Robby [SMTP:[EMAIL PROTECTED]]
Sent: Thursday, February 01, 2001 6:10 PM
To: '[EMAIL PROTECTED]'
Subject: RE: Source Address
never hurts to make sure someone is really coming from where they say they
are...
-Original Message-
From: Tanner, Robby [SMTP:[EMAIL PROTECTED]]
Sent: Thursday, February 01, 2001 3:31 PM
To: '[EMAIL PROTECTED]'; 'Linux Group (Saskatoon)'; 'Linux (LOSURS
QA)'
Subject: Source
But isn't that what SAV does?
-Original Message-
From: Burke, Thomas G. [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 01, 2001 3:28 PM
To: '[EMAIL PROTECTED]'
Subject: RE: Source Address Verification
never hurts to make sure someone is really coming from where
they say
PROTECTED]]
Sent: Thursday, February 01, 2001 4:33 PM
To: '[EMAIL PROTECTED]'
Subject: RE: Source Address Verification
But isn't that what SAV does?
-Original Message-
From: Burke, Thomas G. [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 01, 2001 3:28 PM
According to the HOWTO, all I need to do is echo "1"
/proc/sys/net/ipv4/conf/*/rp_filter to enable source address verification
(see page 38).
"The best way to protect from IP spoofing is called Source Address
Verification, and it is done by the routing code, and not firewalling at
all."