OSEC

Re: Block martians with source address 127.0.0.1

From: Cedric Blancher (blanchercartel-securite.fr)
Date: Mon May 31 2004 - 10:30:02 CDT


On Mon 31/05/2004 at 12:55, Bjørn Rasmussen wrote:
> The kernel on the firewall logs these packets as martians, which it
> should do, but my rules will not log or block these packets. Does anybody
> know how to do it? Is it possible? I guess there are situations
> where malicious persons could at least perform a DoS attack?

As a general rule, when a Linux box receives a packet sourced with one of
its own addresses, it is silently discarded during routing. So your INPUT
rules should never see the packet coming.

Furthermore, if reverse path filtering (rp_filter) is enabled, then
martians are automatically discarded, before they get to INPUT or FORWARD.

--
http://www.netexit.com/~sid/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
>> Hi! I'm your friendly neighbourhood signature virus.
>> Copy me to your signature file and help me spread!
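The two checks a firewall administrator would run to confirm what the reply says (is rp_filter effectively on for an interface, and what is the kernel actually logging as martians), as an added example that is not part of the original thread. The log lines are constructed for the demonstration; the sysctl paths are the standard Linux /proc/sys/net/ipv4/conf ones.

```shell
#!/bin/sh
# Added example, not from the original thread. Part 1 computes the effective
# rp_filter mode; part 2 parses the kernel's martian log lines, which are
# written when net.ipv4.conf.<if>.log_martians = 1.

# The kernel combines net.ipv4.conf.all.rp_filter with the per-interface
# value by taking the maximum: 0 = off, 1 = strict, 2 = loose.
rp_filter_mode() {
    all_val=$1; if_val=$2
    if [ "$all_val" -gt "$if_val" ]; then echo "$all_val"; else echo "$if_val"; fi
}

# Read the live sysctl values for one interface (Linux only) and print the
# effective mode. Kept separate so the log parsing below runs anywhere.
live_rp_filter_mode() {
    dev=$1
    rp_filter_mode "$(cat /proc/sys/net/ipv4/conf/all/rp_filter)" \
                   "$(cat "/proc/sys/net/ipv4/conf/$dev/rp_filter")"
}

# Kernel martian log format: "martian source <dst> from <src>, on dev <if>".
# Emit "<if> <src> <dst>" per line so the output can be sorted and counted.
parse_martians() {
    sed -n 's/.*martian source \([0-9.]*\) from \([0-9.]*\), on dev \([^ ]*\).*/\3 \2 \1/p'
}

# Constructed sample log lines (not real captures) in the kernel's format.
# The first two martians carry the firewall's own addresses as source.
SAMPLE_LOG='May 31 10:12:01 fw kernel: martian source 192.0.2.10 from 127.0.0.1, on dev eth0
May 31 10:12:01 fw kernel: ll header: 00:11:22:33:44:55:66:77:88:99:aa:bb:08:00
May 31 10:12:07 fw kernel: martian source 192.0.2.10 from 192.0.2.10, on dev eth0
May 31 10:12:09 fw kernel: martian source 192.0.2.10 from 10.0.0.7, on dev eth1'

# Count martians per (interface, source) pair, most frequent first.
martian_counts() {
    printf '%s\n' "$SAMPLE_LOG" | parse_martians | awk '{print $1, $2}' \
        | sort | uniq -c | sort -rn
}

martian_counts
```

Replace SAMPLE_LOG with `dmesg` or the syslog file to run it against a real firewall; `live_rp_filter_mode eth0` shows whether the kernel would already have dropped those packets before INPUT.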