I has this alert on my acid console today:

url[cve][icat][snort] BAD-TRAFFIC same SRC/DST

looks like someone has targetted my ip for a land attack...darnit just my luck

i have this rule set in iptables

iptables -I INPUT -s ${my_ip} -d ${my_ip} -j DROP

for my static ip on eth0 ...now the problem is the land attack was using my internet ip which is DHCP (provided by isp)

ie source ip >219.95.225.*** and destination ip> 219.95.225.***

how do i setup firewall rules to block this attack?? I dont want to constantly change rules or monitor the ip assigned by my ISP

p/s: i've read that linux isn't particularly vulnerable to land attacks ..but i'd rather be paranoid than sorry

Try "iptables -I INPUT -p UDP -d ${my_ip} --dport 68 -s $ISP_DHCP_SERVER --sport 67 -j LOG" to see if it catches on. If it does, chng target to DROP.

thanks unSpawn ...i'll give it a shot and see what message logs i get

If its not too much trouble...mind explaining the iptables rule u mentioned to aid my understanding?

mind explaining the iptables rule

[i]"iptables -I INPUT -p UDP -d ${my_ip} --dport 68 -s $ISP_DHCP_SERVER --sport 67 -j LOG"[i]
The shell variable $ISP_DHCP_SERVER should hold the IP address of your ISP's DHCP server.
The source port is UDP/67, which is DHCPd (daemon) and the destination port is UDP/68, which should be DHCPc (client).