[lug] Martians!
Anders Knudsen
andersk at uswest.net
Fri Mar 9 07:43:13 MST 2001
I am logging martians with my ipchains filters...can someone
explain/enlighten me what is "someone" trying to do? Also, with these
rules, am I saved, or?
TIA, -anders.
Here is what the log entry looks like.
Mar 8 20:46:23 fulcrum kernel: martian destination 3a433900 from 0264a8c0, dev eth0
Following is the snippet from my ipchains script that "blocks?" this.
# Disable IP spoofing attacks.
#
# This drops traffic addressed for one network though it is being received on a
# different interface.
#
echo " - Disabling IP Spoofing attacks."
for file in /proc/sys/net/ipv4/conf/*/rp_filter
do
    echo "2" > "$file"
done

# Comment the following out if you are not using a dynamic address
#
echo " - Enabling dynamic TCP/IP address hacking."
echo "1" > /proc/sys/net/ipv4/ip_dynaddr

# Enable TCP SYN Cookie protection:
#
echo " - Enable TCP SYN Cookie protection"
echo "1" > /proc/sys/net/ipv4/tcp_syncookies

# Ensure that various ICMP sanity settings are there
#
echo " - Enable ICMP sanity settings"
# Enable ICMP broadcast echo protection (ignore echo requests sent to broadcast)
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
# Enable bad error message protection
echo "1" > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
# Disable ICMP Re-directs
for file in /proc/sys/net/ipv4/conf/*/accept_redirects; do
    echo "0" > "$file"
done

# Ensure that source-routed packets are dropped
# - If you are running IPROUTE2, this will need to be DISABLED
#
echo " - Ensure that source-routed packets are dropped "
for file in /proc/sys/net/ipv4/conf/*/accept_source_route; do
    echo "0" > "$file"
done

# Log spoofed, source-routed, and redirect packets
#
echo " - Log spoofed, source-routed, and redirect packets "
for file in /proc/sys/net/ipv4/conf/*/log_martians; do
    echo "1" > "$file"
done
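
The two hex fields in the log entry quoted in the post can be read as IPv4 addresses. The following is an added example, not part of the original post, and it assumes the kernel printed each address as a raw 32-bit value on a little-endian x86 host, so the octets appear in reverse order; the function names hex2ip, classify and decode_martian are hypothetical.

```shell
#!/bin/sh
# Added example: decode the "martian destination" log line from the post.
# Assumption: the kernel printed each address as a raw 32-bit value with %08x
# on a little-endian (x86) host, so the octets appear in reverse order.

# hex2ip HEX8 -> dotted quad, reading the byte pairs right to left
hex2ip() {
    h=$1
    case $h in
        ""|*[!0-9a-fA-F]*) return 1 ;;   # reject empty or non-hex input
    esac
    [ "${#h}" -eq 8 ] || return 1
    o1=$(printf '%s' "$h" | cut -c7-8)
    o2=$(printf '%s' "$h" | cut -c5-6)
    o3=$(printf '%s' "$h" | cut -c3-4)
    o4=$(printf '%s' "$h" | cut -c1-2)
    printf '%d.%d.%d.%d\n' "0x$o1" "0x$o2" "0x$o3" "0x$o4"
}

# classify IP -> coarse label for ranges that should not cross a public interface
classify() {
    case $1 in
        0.*)   echo "this-network" ;;   # 0.0.0.0/8
        127.*) echo "loopback" ;;       # 127.0.0.0/8
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*)
               echo "private" ;;        # RFC 1918
        *)     echo "other" ;;
    esac
}

# decode_martian LINE -> "dst=IP (label) src=IP (label) dev=IFACE"
decode_martian() {
    fields=$(printf '%s\n' "$1" | sed -n \
        's/.*martian destination \([0-9a-fA-F]\{8\}\) from \([0-9a-fA-F]\{8\}\), *dev \([^ ]*\).*/\1 \2 \3/p')
    [ -n "$fields" ] || return 1        # not a martian-destination line
    set -- $fields
    dst=$(hex2ip "$1") || return 1
    src=$(hex2ip "$2") || return 1
    echo "dst=$dst ($(classify "$dst")) src=$src ($(classify "$src")) dev=$3"
}

# Log line taken from the post, with the wrapped line joined
decode_martian "Mar 8 20:46:23 fulcrum kernel: martian destination 3a433900 from 0264a8c0, dev eth0"
```

Under that byte-order assumption, the entry describes a packet from an RFC 1918 source addressed to a destination inside 0.0.0.0/8, arriving on eth0.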