I has this alert on my acid console today:
url[cve][icat][snort] BAD-TRAFFIC same SRC/DST
looks like someone has targetted my ip for a land attack...darnit just my luck
i have this rule set in iptables
iptables -I INPUT -s ${my_ip} -d ${my_ip} -j DROP
for my static ip on eth0 ...now the problem is the land attack was using my internet ip which is DHCP (provided by isp)
ie source ip >219.95.225.*** and destination ip> 219.95.225.***
how do i setup firewall rules to block this attack?? I dont want to constantly change rules or monitor the ip assigned by my ISP
p/s: i've read that linux isn't particularly vulnerable to land attacks ..but i'd rather be paranoid than sorry