List Archive: gentoo-security
Headers:
To: gentoo-security@g.o
From: RADDS Support Team <support@...>
Subject: Re: [OT?] automatically firewalling off IPs
Date: Sat, 08 Oct 2005 15:40:01 +0200
Eric Paynter wrote:
> On Thu, October 6, 2005 7:37 pm, Tad Glines said:
> 
>>Most infrastructure routers on the net drop/block packets with source
>>route options so spoofing the source IP of a TCP conversation is not
>>generally practical over the internet.
> 
> 
> To be sure, drop source-routed packets at your own firewall too. Don't
> rely on "most" infrastructure to do it for you.

Which is the best way to do so, then? I'd use sysctl.conf for this:

# Enables source route verification
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0

# Don't Log Spoofed Packets, Source Routed Packets, Redirect Packets
net.ipv4.conf.all.log_martians = 0

Is there any better?

regards,
Dennis
-- 
gentoo-security@g.o mailing list
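
An added example, not part of the original message or thread: a POSIX shell function that audits sysctl.conf-format text for the two anti-spoofing keys in the post. The function names and the policy of requiring both the `all` and `default` scopes are assumptions of this example; the sample input is copied from the settings quoted above.

```shell
#!/bin/sh
# Added example. Policy assumed here: both keys must be set in the "all" and
# the "default" scope ("default" only seeds interfaces created afterwards).
audit_sysctl_conf() {   # reads sysctl.conf-format text on stdin
    findings=$(awk '
    BEGIN {
        want["net.ipv4.conf.all.accept_source_route"] = "0"
        want["net.ipv4.conf.default.accept_source_route"] = "0"
        want["net.ipv4.conf.all.rp_filter"] = "1"
        want["net.ipv4.conf.default.rp_filter"] = "1"
    }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }    # skip comments and blank lines
    {
        eq = index($0, "=")
        if (eq == 0) next                   # not a key = value line
        key = substr($0, 1, eq - 1)
        val = substr($0, eq + 1)
        gsub(/[ \t]/, "", key)
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        gsub(/\//, ".", key)                # sysctl also accepts a/b/c keys
        seen[key] = val                     # a later assignment overrides
    }
    END {
        for (k in want) {
            if (!(k in seen))
                print "MISSING " k " (want " want[k] ")"
            else if (seen[k] != want[k])
                print "WRONG " k "=" seen[k] " (want " want[k] ")"
        }
    }' | sort)
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Sample input: the settings from the message above.
sample_from_post() {
    cat <<'EOF'
# Enables source route verification
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0

# Don't Log Spoofed Packets, Source Routed Packets, Redirect Packets
net.ipv4.conf.all.log_martians = 0
EOF
}
sample_from_post | audit_sysctl_conf || true
```

The function returns non-zero when any required key is missing or has the wrong value, so it can gate a configuration check.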


Updated Oct 31, 2011

Summary: Archive of the gentoo-security mailing list.
