Gentoo Archives: gentoo-security

From: RADDS Support Team <support@×××××.de>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] [OT?] automatically firewalling off IPs
Date: Sat, 08 Oct 2005 13:44:40
In Reply to: RE: [gentoo-security] [OT?] automatically firewalling off IPs by Eric Paynter
Eric Paynter wrote:
> On Thu, October 6, 2005 7:37 pm, Tad Glines said:
>
>> Most infrastructure routers on the net drop/block packets with source
>> route options so spoofing the source IP of a TCP conversation is not
>> generally practical over the internet.
>
> To be sure, drop source-routed packets at your own firewall too. Don't
> rely on "most" infrastructure to do it for you.
Which is the best way to do so, then?

I'd use sysctl.conf for this:

# Enables source route verification
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
# Don't Log Spoofed Packets, Source Routed Packets, Redirect Packets
net.ipv4.conf.all.log_martians = 0

Is there any better?

regards,
Dennis

-- 
gentoo-security@g.o mailing list
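One thing worth checking in a fragment like the one above is whether it covers both sysctl views. Linux combines net.ipv4.conf.all.* with each interface's own setting (for rp_filter the higher of the two is used, and a source-routed packet is accepted only if both the all and the per-interface accept_source_route are on), while net.ipv4.conf.default.* only seeds interfaces created afterwards. The script below is an added example, not code from the post or from Gentoo: it parses a sysctl.conf-style file and reports which of the anti-spoofing keys are missing in either view. The two input files are constructed here: a copy of the posted fragment, and a hardened variant that also sets the conf.all keys and turns log_martians on (1 logs packets with impossible source addresses, 0 silences them).

```shell
#!/bin/sh
# Added example (not from the original post): audit a sysctl.conf fragment for
# the anti-spoofing keys discussed in the thread, checking both the
# net.ipv4.conf.all.* and net.ipv4.conf.default.* views.

# sysctl_value FILE KEY: print the value assigned to KEY in FILE using
# sysctl.conf syntax ("key = value", "#" starts a comment, last line wins).
# Prints nothing if KEY is absent. Dots in KEY act as regex wildcards, which
# is harmless for the fixed key names used here.
sysctl_value() {
    sed -n -e 's/#.*//' \
        -e "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p" "$1" \
        | tail -n 1
}

# audit_spoof_settings FILE: return 0 when, for both the "all" and "default"
# views, accept_source_route is 0 and rp_filter is 1; print one line per key
# and return 1 if any is missing or set differently.
audit_spoof_settings() {
    rc=0
    for view in all default; do
        for pair in accept_source_route=0 rp_filter=1; do
            key="net.ipv4.conf.$view.${pair%=*}"
            want=${pair#*=}
            got=$(sysctl_value "$1" "$key")
            if [ "$got" = "$want" ]; then
                printf 'ok       %s = %s\n' "$key" "$got"
            else
                printf 'MISSING  %s should be %s (found: %s)\n' "$key" "$want" "${got:-unset}"
                rc=1
            fi
        done
    done
    return $rc
}

# Constructed inputs: the fragment as posted, and a hardened variant that also
# sets the conf.all keys and turns martian logging on.
POSTED=$(mktemp)
HARDENED=$(mktemp)
trap 'rm -f "$POSTED" "$HARDENED"' EXIT
cat > "$POSTED" <<'EOF'
# Enables source route verification
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
# Do not log spoofed packets, source routed packets, redirect packets
net.ipv4.conf.all.log_martians = 0
EOF
cat > "$HARDENED" <<'EOF'
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
# Log packets with impossible source addresses so the filtering is visible
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.default.log_martians = 1
EOF

# Run the audit over both constructed files.
for f in "$POSTED" "$HARDENED"; do
    echo "== $f"
    if audit_spoof_settings "$f"; then
        echo "result: both views covered"
    else
        echo "result: incomplete"
    fi
done
```

Against the posted fragment the audit flags net.ipv4.conf.all.rp_filter and net.ipv4.conf.all.accept_source_route as missing; against the hardened file it passes. Whichever file is used, `sysctl -p` applies it, and `sysctl -a | grep accept_source_route` shows the live values per interface.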