LinuxQuestions.org
Old 01-13-2005, 12:20 AM   #1
stakhous
Member
 
Registered: May 2003
Location: PA
Posts: 82

Rep: Reputation: 15

I'm trying to block all broadcast traffic, like you noted above, but I cannot get it to work. This is what I have....

---cut from my iptable script---

iptables -t filter -A INPUT -i eth0 -p tcp \
-d 192.168.1.255 -j DROP

iptables -t filter -A INPUT -i eth0 -p udp \
-d 192.168.1.255 -j DROP

---the log from the iptable script---

Jan 13 00:22:46 localhost kernel: Spoofed packet: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:06:25:c4:4a:cb:08:00 SRC=192.168.1.1 DST=192.168.1.255 LEN=139 TOS=0x00 PREC=0x00 TTL=150 ID=0 PROTO=UDP SPT=16231 DPT=162 LEN=119

Jan 13 00:23:06 localhost kernel: Spoofed packet: IN=eth0 OUT= MAC= SRC=192.168.1.107 DST=192.168.1.255 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=520 DPT=520 LEN=32

Jan 13 00:23:27 localhost kernel: Spoofed packet: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:06:25:c4:4a:cb:08:00 SRC=192.168.1.1 DST=192.168.1.255 LEN=145 TOS=0x00 PREC=0x00 TTL=150 ID=0 PROTO=UDP SPT=16530 DPT=162 LEN=125

Jan 13 00:23:46 localhost kernel: Spoofed packet: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:06:25:c4:4a:cb:08:00 SRC=192.168.1.1 DST=192.168.1.255 LEN=145 TOS=0x00 PREC=0x00 TTL=150 ID=0 PROTO=UDP SPT=16703 DPT=162 LEN=125

Jan 13 00:24:06 localhost kernel: Spoofed packet: IN=eth0 OUT= MAC= SRC=192.168.1.107 DST=192.168.1.255 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=520 DPT=520 LEN=32

and on and on and on.....


Any ideas???


Thanks, any helpful ideas would be greatly appreciated.
 
Old 01-13-2005, 12:39 AM   #2
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
//Moderator note: Looks like a little bit different issue than the original post, so I'm splitting this into a new thread.
 
Old 01-13-2005, 12:48 AM   #3
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
In this case, it looks like you're seeing network traffic from a nearby router (packets are snmp-trap and routed).

Your rules should work fine for blocking packets to the host itself, as long as you don't have any earlier rules that allow those packets. If your system does any kind of IP forwarding to other machines, then you'd need rules for the FORWARD chain as well. However, the kernel log messages indicate that the packets were dropped and flagged as spoofing attempts (likely due to the IP address). If you have rp_filter turned on, they are automagically dropped.

Last edited by Capt_Caveman; 01-13-2005 at 12:51 AM.
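
The identification of the senders in the reply above (snmp-trap and routed broadcasts) can be reproduced from the log itself. This is an added example, not part of any post in this thread: a POSIX shell function that tallies netfilter LOG lines by source, protocol and destination port. The function names and the sample log lines are constructed for illustration, in the format of the log posted above.

```shell
#!/bin/sh
# Added example: summarize netfilter LOG lines so the hosts sending
# broadcast traffic, and the services involved, are visible at a glance.

# summarize_drops PREFIX < logfile
# Prints "count src proto/dport service" for each line containing PREFIX,
# most frequent first.
summarize_drops() {
    awk -v prefix="$1" '
    BEGIN {
        # IANA service names for the two UDP ports seen in this thread;
        # "router" is RIP, the protocol spoken by the routed daemon.
        svc["UDP/162"] = "snmptrap"
        svc["UDP/520"] = "router"
    }
    index($0, prefix) {
        src = proto = dpt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/)   src   = substr($i, 5)
            if ($i ~ /^PROTO=/) proto = substr($i, 7)
            if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
        }
        key  = proto "/" dpt
        name = (key in svc) ? svc[key] : "unknown"
        count[src " " key " " name]++
    }
    END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2
}

# Constructed sample input (shortened lines in the posted log format,
# plus one unrelated kernel message that must be ignored).
sample_log() {
cat <<'EOF'
Jan 13 00:22:46 localhost kernel: Spoofed packet: IN=eth0 OUT= MAC= SRC=192.168.1.1 DST=192.168.1.255 LEN=139 PROTO=UDP SPT=16231 DPT=162 LEN=119
Jan 13 00:23:06 localhost kernel: Spoofed packet: IN=eth0 OUT= MAC= SRC=192.168.1.107 DST=192.168.1.255 LEN=52 PROTO=UDP SPT=520 DPT=520 LEN=32
Jan 13 00:23:27 localhost kernel: Spoofed packet: IN=eth0 OUT= MAC= SRC=192.168.1.1 DST=192.168.1.255 LEN=145 PROTO=UDP SPT=16530 DPT=162 LEN=125
Jan 13 00:23:30 localhost kernel: eth0: link up
Jan 13 00:23:46 localhost kernel: Spoofed packet: IN=eth0 OUT= MAC= SRC=192.168.1.1 DST=192.168.1.255 LEN=145 PROTO=UDP SPT=16703 DPT=162 LEN=125
Jan 13 00:24:06 localhost kernel: Spoofed packet: IN=eth0 OUT= MAC= SRC=192.168.1.107 DST=192.168.1.255 LEN=52 PROTO=UDP SPT=520 DPT=520 LEN=32
EOF
}

sample_log | summarize_drops "Spoofed packet:"
```

On a live system, feed the function the kernel log instead of `sample_log` and pass the prefix used by your own LOG rule.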
 
Old 01-18-2005, 03:16 PM   #4
stakhous
Member
 
Registered: May 2003
Location: PA
Posts: 82

Original Poster
Rep: Reputation: 15
Thanks for the new thread.

And yes, this computer is acting as a router, and I didn't even try to filter on the FORWARD chain. I will also look into rp_filter.

Thanks, I'll post what happens.

Last edited by stakhous; 01-18-2005 at 03:18 PM.
 
  

