Preventing IP Spoofing through IPTABLES
Hello Friends,
I am creating a firewall and with the help of iptables I want to prevent IP spoofing. Also some tricks of iptables that can help me in preventing some intruders and attacks. Thanks for the same. Bye and good time, Ankur. Om shanti.
As far as I know, preventing spoofing with iptables is really limited to blocking IANA reserved IP addresses or blocking access to IPs that shouldn't be sending traffic over a certain interface (for example, suddenly seeing traffic from your external DNS server on the internal interface should set off alarms). The sysctl rp_filter setting can help with this somewhat, at least in detecting and denying traffic with impossible routes. tcp_wrappers also has a setting 'PARANOID' that will reject traffic whose hostname and IP address don't agree. Some individual daemons (like SSHd) have some built-in spoofing protections as well.
So, one could set up rules like that only with a machine that has more than one network interface?
You can do it on a machine with one interface -- just drop all outgoing traffic that doesn't have the correct source IP. Note that machines with one ethernet interface may still have multiple IP addresses, so you need to take that into consideration if it applies to you.
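A rule generator that ties together the two suggestions in this thread (ingress filtering of source addresses that cannot legitimately arrive on the outside interface, and the egress source check from the reply above), written as an added example and not code posted in the thread; eth0, the example addresses and the bogon list are assumed placeholders to adjust for your host:

```shell
#!/bin/sh
# Added example, not code from the thread: emit iptables/sysctl commands that
# implement the anti-spoofing checks discussed above. The interface and network
# names are assumptions; adjust them to your host.

# Source ranges that must never arrive from the outside world: RFC 1918 private
# space, loopback, link-local, "this" network, multicast and reserved space.
BOGON_NETS="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 127.0.0.0/8 \
169.254.0.0/16 0.0.0.0/8 224.0.0.0/4 240.0.0.0/4"

# antispoof_rules EXT_IF OWN_NET
#   EXT_IF  - interface facing the untrusted network (e.g. eth0)
#   OWN_NET - addresses that legitimately belong to this host/site
#             (a /32 on a single-homed host, or the LAN prefix on a gateway)
# Prints the commands instead of running them so they can be reviewed first;
# apply with:  antispoof_rules eth0 203.0.113.5/32 | sudo sh
antispoof_rules() {
    ext_if=$1
    own_net=$2

    # 1. Kernel reverse-path check: drop packets whose source would not be
    #    routed back out the interface they came in on.
    printf 'sysctl -w net.ipv4.conf.all.rp_filter=1\n'

    # 2. Ingress: a packet on the external interface claiming a bogon source,
    #    or claiming to come from our own network, is spoofed. Log, then drop.
    for net in $BOGON_NETS $own_net; do
        printf 'iptables -A INPUT -i %s -s %s -j LOG --log-prefix "SPOOF: "\n' \
            "$ext_if" "$net"
        printf 'iptables -A INPUT -i %s -s %s -j DROP\n' "$ext_if" "$net"
    done

    # 3. Egress: never let a packet leave with a source address that is not
    #    ours (the single-interface case described in the thread).
    printf 'iptables -A OUTPUT -o %s ! -s %s -j DROP\n' "$ext_if" "$own_net"
}

# Run directly with two arguments to print the rule set.
if [ "$#" -ge 2 ]; then
    antispoof_rules "$1" "$2"
fi
```

Strict rp_filter (value 1) can drop legitimate packets on hosts with asymmetric routing, so check the kernel's martian log messages after enabling it before leaving the rules in place.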
Quote:
# Setting up IP spoofing protection
if [ -e /proc/sys/net/ipv4/conf/all/rp_filter ]; then
    # Enable the reverse-path filter on every interface (all, default, eth0, ...)
    for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
        echo 1 > "$f"
    done
fi
I'm not exactly sure what that is.
I'm not really a linux newbie, but then again I'm not real experienced with linux either - somewhere in the middle I guess. Anyway, I use Webmin to configure iptables, and that's in plain english... Here's how my current ruleset goes in english:
Incoming
1. Accept anything from interface lo
2. accept anything with state of connection related or established
3. accept all icmp
4. rules dealing with services running
5. deny and log everything else
The ruleset is similar for the outgoing chain as well. Is there a way to set up IP spoofing protection using Webmin (or rules)?
My reply is part of your shell script in which you set up the IP-Tables at runtime.
Peter
Quote:
With regards to how a machine could get an invalid IP or more than 1 IP, both of these are trivial. Using the ifconfig command you can assign whatever IP you like, and with IP aliases you can assign as many as you like (I've heard of systems with several thousand IPs assigned to a single interface).