Help: How to Prevent Source Address Spoofing
in [Linux Networking]
|
From: Amy Lee on 27 Jan 2008 08:22 Hello, I use ADSL to link the Internet, so my ip address is not static, it's dynamic. However, I wanna use iptables to prevent source address spoofing which source address of packets is from my ip address. How to accomplish it? Thank you very much~ Regards, Amy Lee
From: Robert Harris on 27 Jan 2008 09:09 Amy Lee wrote: > Hello, > > I use ADSL to link the Internet, so my ip address is not static, it's > dynamic. However, I wanna use iptables to prevent source address spoofing > which source address of packets is from my ip address. > > How to accomplish it? > > Thank you very much~ > > Regards, > > Amy Lee Your question is not clear. The source address of all the IP packets that you send should be the correct one. You cannot stop other machines spoofing your IP address but the internet will route all packets destined for your IP address to you. Which packets do you want to filter out? Robert
From: Amy Lee on 27 Jan 2008 09:14 On Sun, 27 Jan 2008 14:09:17 +0000, Robert Harris wrote: > Amy Lee wrote: >> Hello, >> >> I use ADSL to link the Internet, so my ip address is not static, it's >> dynamic. However, I wanna use iptables to prevent source address spoofing >> which source address of packets is from my ip address. >> >> How to accomplish it? >> >> Thank you very much~ >> >> Regards, >> >> Amy Lee > > Your question is not clear. The source address of all the IP packets > that you send should be the correct one. You cannot stop other machines > spoofing your IP address but the internet will route all packets > destined for your IP address to you. > > Which packets do you want to filter out? > > Robert Thank you. I wanna filter out the packets send to my machine but which is from my ip address. Amy Lee
From: Robert Harris on 27 Jan 2008 10:36 Amy Lee wrote: > On Sun, 27 Jan 2008 14:09:17 +0000, Robert Harris wrote: > >> Amy Lee wrote: >>> Hello, >>> >>> I use ADSL to link the Internet, so my ip address is not static, it's >>> dynamic. However, I wanna use iptables to prevent source address spoofing >>> which source address of packets is from my ip address. >>> >>> How to accomplish it? >>> >>> Thank you very much~ >>> >>> Regards, >>> >>> Amy Lee >> Your question is not clear. The source address of all the IP packets >> that you send should be the correct one. You cannot stop other machines >> spoofing your IP address but the internet will route all packets >> destined for your IP address to you. >> >> Which packets do you want to filter out? >> >> Robert > Thank you. I wanna filter out the packets send to my machine but which is > from my ip address. > > Amy Lee Ah. Well you should add your iptables rule at the time when DHCP has allocated your computer an IP address. On my system (Debian etch), that would mean adding a little script to the directory: /etc/dhcp3/dhclient-exit-hooks.d where $new_ip_address will contain your new IP address. The script should drop all packets with source and destination both the same as $new_ip_address Robert
From: Amy Lee on 30 Jan 2008 11:24 On Sun, 27 Jan 2008 15:36:52 +0000, Robert Harris wrote: > Amy Lee wrote: >> On Sun, 27 Jan 2008 14:09:17 +0000, Robert Harris wrote: >> >>> Amy Lee wrote: >>>> Hello, >>>> >>>> I use ADSL to link the Internet, so my ip address is not static, it's >>>> dynamic. However, I wanna use iptables to prevent source address spoofing >>>> which source address of packets is from my ip address. >>>> >>>> How to accomplish it? >>>> >>>> Thank you very much~ >>>> >>>> Regards, >>>> >>>> Amy Lee >>> Your question is not clear. The source address of all the IP packets >>> that you send should be the correct one. You cannot stop other machines >>> spoofing your IP address but the internet will route all packets >>> destined for your IP address to you. >>> >>> Which packets do you want to filter out? >>> >>> Robert >> Thank you. I wanna filter out the packets send to my machine but which is >> from my ip address. >> >> Amy Lee > > Ah. Well you should add your iptables rule at the time when DHCP has > allocated your computer an IP address. On my system (Debian etch), that > would mean adding a little script to the directory: > > /etc/dhcp3/dhclient-exit-hooks.d > > where $new_ip_address will contain your new IP address. The script > should drop all packets with source and destination both the same as > $new_ip_address > > Robert Thank you. But my OS is RHEL 3, it seems that I can't find the directory. Regards, Amy
|
Next
|
Last
Pages: 1 2 Prev: iptables with connlimit question Next: NIS questions: AIX server and Linux client |