Gentoo Archives: gentoo-security

From: RADDS Support Team <support@×××××.de>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] [OT?] automatically firewalling off IPs
Date: Sat, 08 Oct 2005 13:44:40
Message-Id: 4347CC31.7070007@radds.de
In Reply to: RE: [gentoo-security] [OT?] automatically firewalling off IPs by Eric Paynter
Eric Paynter wrote:
> On Thu, October 6, 2005 7:37 pm, Tad Glines said:
>
>>Most infrastructure routers on the net drop/block packets with source
>>route options so spoofing the source IP of a TCP conversation is not
>>generally practical over the internet.
>
>
> To be sure, drop source-routed packets at your own firewall too. Don't
> rely on "most" infrastructure to do it for you.

Which is the best way to do so, then? I'd use sysctl.conf for this:

# Enables source route verification
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0

# Don't Log Spoofed Packets, Source Routed Packets, Redirect Packets
net.ipv4.conf.all.log_martians = 0

Is there anything better?

Regards,
Dennis
--
gentoo-security@g.o mailing list
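
Added example, not part of the original message or of any Gentoo tooling: a shell check of a sysctl.conf-style file for the two keys the post sets (accept_source_route and rp_filter), covering the all scope as well as the default scope used in the post. The function names and the sample file are constructed for illustration; the expected values are the ones given in the post.

```shell
#!/bin/sh
# Added example: audit a sysctl.conf-style file for the keys discussed in
# the thread. All function names here are hypothetical.

# effective_value FILE KEY: print the last value assigned to KEY, or "unset".
# A later assignment overrides an earlier one when the file is loaded in order.
effective_value() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }                  # skip comment lines
        {
            eq = index($0, "=")
            if (eq == 0) next                   # not an assignment
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
            if (k == key) val = v
        }
        END { print (val == "" ? "unset" : val) }
    ' "$1"
}

# audit_file FILE: print one line for every scope/key whose value in FILE
# differs from the value used in the post (accept_source_route=0, rp_filter=1).
audit_file() {
    for scope in all default; do
        for want in accept_source_route=0 rp_filter=1; do
            key="net.ipv4.conf.$scope.${want%%=*}"
            got=$(effective_value "$1" "$key")
            [ "$got" = "${want#*=}" ] || echo "$key: $got (expected ${want#*=})"
        done
    done
}

# Constructed sample input: the settings as posted in the message above.
sample_posted() {
    cat <<'EOF'
# Enables source route verification
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.log_martians = 0
EOF
}

tmp=$(mktemp) && sample_posted > "$tmp"
audit_file "$tmp"     # lists the keys the file leaves unset in the "all" scope
rm -f "$tmp"
```

On a live host the same keys can be read back with `sysctl net.ipv4.conf.all.accept_source_route` and so on, to confirm what the kernel actually applied.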