Date: Mon, 12 Nov 2001 08:59:47 -0500
From: "Wade Majors" <wade@ezri.org>
To: <security@freebsd.org>
Subject: Filtering packets based on incoming address [ack. plaintext now]
Message-ID: <001201c16b82$4da9d1e0$9700a8c0@ezri>

When reading through http://www.sans.org/top20.htm the other day, I noticed G5. It talks about how packets can be "spoofed" to really target a machine on my network and not the gateway.

I added these rules to my /etc/ipfw.rules file:

# block spoofed packets going to private network
add 00001 deny ip from any to 192.168.0.1/24 in recv fxp0
# block spoofed packets going to cable modem
add 00002 deny ip from any to 10.97.48.1 in recv fxp0

These are the only things before natd, which is rule 00050. In the few days I've had them in, it hasn't caught anything, so I'm going to assume this isn't breaking anything legitimate.

The question is: is this the right way to check for this stuff, anyway? Should I even worry about this since my network is using private IPs?

-Wade

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
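
Added example, not part of the original message: a small Python model of how the two rules above are matched (first match wins, destination address only, inbound on fxp0) before a packet reaches natd at rule 00050. It assumes fxp0 is the outside interface; the interface name fxp1 and all sample addresses other than those in the rules are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    src: str
    dst: str
    iface: str       # interface the packet was received on
    inbound: bool

class Rule(NamedTuple):
    number: int
    action: str
    dst: str         # destination address or addr/masklen, as written in the rule
    recv: str

# The two rules from the message, transcribed field by field.
RULES = [
    Rule(1, "deny", "192.168.0.1/24", "fxp0"),
    Rule(2, "deny", "10.97.48.1", "fxp0"),
]

def matches(rule: Rule, pkt: Packet) -> bool:
    # strict=False masks off the host bits, so 192.168.0.1/24 covers all of 192.168.0.0-255.
    net = ipaddress.ip_network(rule.dst, strict=False)
    return pkt.inbound and pkt.iface == rule.recv and ipaddress.ip_address(pkt.dst) in net

def first_match(pkt: Packet) -> Optional[int]:
    """Number of the first matching deny rule, or None if the packet falls through to rule 00050."""
    for rule in sorted(RULES, key=lambda r: r.number):
        if matches(rule, pkt):
            return rule.number
    return None

# Constructed sample packets (203.0.113.x and 198.51.100.x are documentation addresses).
SAMPLES = {
    "outside, addressed to an inside host": Packet("203.0.113.5", "192.168.0.10", "fxp0", True),
    "outside, addressed to 10.97.48.1": Packet("203.0.113.5", "10.97.48.1", "fxp0", True),
    "outside, addressed to the public address": Packet("203.0.113.5", "198.51.100.7", "fxp0", True),
    "inside host sending out via fxp1": Packet("192.168.0.10", "203.0.113.5", "fxp1", True),
    "private source, public destination": Packet("192.168.0.99", "198.51.100.7", "fxp0", True),
}

def evaluate_samples() -> dict:
    return {name: first_match(pkt) for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for name, rule in evaluate_samples().items():
        print(f"{name}: {'deny by rule %05d' % rule if rule else 'continues to natd'}")
```

The last sample falls through because both rules test only the destination address; the source address is never examined.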