Trilight Zone Forum Index Trilight Zone
Privacy & Anonymity is our specialty !
 

How to avoid Spoofing and bad addresses attack

 
Author: thedark
Posted: Sun Jul 31, 2005 10:16 am    Post subject: How to avoid Spoofing and bad addresses attack

A spoofing and bad address attack tries to fool the server by claiming that packets have come from a local address/network. The following IP/network addresses are known to open this kind of attack:
Incoming source IP address is your servers IP address
Bad incoming address from following ranges:
0.0.0.0/8
127.0.0.0/8
10.0.0.0/8
172.16.0.0/12
192.168.0.0/16
224.0.0.0/3 etc
Your own internal server/network ip address/range

The following rule tries to prevent this kind of attack:

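#!/bin/sh
# Public IP address of this server
SERVER_IP="202.54.10.20"
# Add your IP range/IPs here,
SPOOF_IPS="0.0.0.0/8 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 224.0.0.0/3"
# These rules match on every interface, loopback included;
# add -i <external interface> to limit them to outside traffic.
# Drop inbound packets that claim to come from the server's own address
iptables -A INPUT -s "$SERVER_IP" -j DROP
# Drop inbound packets whose source is in any of the listed ranges
for ip in $SPOOF_IPS
do
    iptables -A INPUT -s "$ip" -j DROP
done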

Also add the following line to your /etc/sysctl.conf:
net.ipv4.conf.all.rp_filter = 1

This entry enables source address verification, which is built into the Linux kernel itself.
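
An added example, not part of the original post: a check that the rp_filter setting above is actually in effect on each interface. The kernel applies the larger of conf/all/rp_filter and conf/<iface>/rp_filter per interface, so the script reports that effective value. The function names and the optional conf-root argument are introduced here for illustration.

```shell
#!/bin/sh
# Added example: report the effective rp_filter mode per interface.
# Per the kernel's ip-sysctl documentation, source validation on an
# interface uses the maximum of conf/all/rp_filter and
# conf/<iface>/rp_filter. The optional conf-root argument (an assumption
# of this example) lets the check run against a constructed tree.

effective_rp_filter() {
    # $1 = interface name, $2 = conf root (default: live kernel settings)
    root="${2:-/proc/sys/net/ipv4/conf}"
    all=$(cat "$root/all/rp_filter" 2>/dev/null) || return 2
    own=$(cat "$root/$1/rp_filter" 2>/dev/null) || return 2
    if [ "$own" -gt "$all" ]; then echo "$own"; else echo "$all"; fi
}

rp_filter_report() {
    # Prints "<iface> <effective value> <mode>" for every interface.
    # Returns 1 if any interface has source validation off, else 0.
    root="${1:-/proc/sys/net/ipv4/conf}"
    status=0
    for dir in "$root"/*/; do
        iface=$(basename "$dir")
        case "$iface" in all|default) continue ;; esac
        val=$(effective_rp_filter "$iface" "$root") || continue
        case "$val" in
            0) mode="off"; status=1 ;;
            1) mode="strict" ;;
            2) mode="loose" ;;
            *) mode="unknown" ;;
        esac
        echo "$iface $val $mode"
    done
    return $status
}

# Query the live kernel only when asked: sh thisfile.sh --live
if [ "${1:-}" = "--live" ]; then rp_filter_report; fi
```

An interface reported as "off" is not covered by source address verification even though the sysctl.conf line is present, for example because the file has not been reloaded yet.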