List Archive: gentoo-security
Note: Due to technical difficulties, the Archives are currently not up to date.
provides an alternative service for most mailing lists.c.f. bug 424647
Eric Paynter wrote:
> On Thu, October 6, 2005 7:37 pm, Tad Glines said:
>>Most infrastructure routers on the net drop/block packets with source
>>route options so spoofing the source IP of a TCP conversation is not
>>generally practical over the internet.
> To be sure, drop source-routed packets at your own firewall too. Don't
> rely on "most" infrastructure to do it for you.
which is best way to do so, then? i'd use sysctl.conf for this:
# Enables source route verification
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
# Don't Log Spoofed Packets, Source Routed Packets, Redirect Packets
net.ipv4.conf.all.log_martians = 0
is there any better?
email@example.com mailing list