Thanks Antony... Do you have a script or something where I can find protection rules?

> On Wednesday 05 November 2003 7:31 pm, Leandro Takashi Hirano wrote:
>
>> Thanks for the port scanner help....
>>
>> Now I would like to know about the IP Spoofing rule, how does it
>> work?
>>
>> - iptables -A INPUT -s 192.168.1.0/24 -i ! eth0 -j DROP
>
> Any packet with a source address in the Class C range 192.168.1.x which
> does not come from eth0 will be DROPped.
>
>> - iptables -A INPUT ! -s 192.168.1.0/24 -i eth0 -j DROP
>
> Any packet which comes from eth0 and has a source address other than the
> Class C 192.168.1.x will be DROPped.
>
>> I don't know how can it block ip spoofing attack...
>
> These rules assume that eth0 is your internal network, and your internal
> network range is 192.168.1.0/24.
>
> No packets with your own source address should come from outside (rule
> 1) and all packets from inside should have your own source address
> (rule 2).
>
> Therefore these two rules stop people on the outside pretending that
> they live on your network, and people on the inside pretending that
> they don't.
>
> Antony.
>
> --
>
> In Heaven, the police are British, the chefs are Italian, the beer is
> Belgian, the mechanics are German, the lovers are French, the
> entertainment is American, and everything is organised by the Swiss.
>
> In Hell, the police are German, the chefs are British, the beer is
> American, the mechanics are French, the lovers are Swiss, the
> entertainment is Belgian, and everything is organised by the Italians.
>
> Please reply to the list;
> please don't CC me.
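
The match logic of the two rules explained in the quoted reply, modelled as an added example that is not part of the original thread. The interface name `eth1`, the sample addresses, and the default `ACCEPT` policy are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")  # range from the thread
INTERNAL_IF = "eth0"                                    # interface from the thread

@dataclass(frozen=True)
class Rule:
    """One iptables-style rule with optional '!' on source and in-interface."""
    name: str
    src: ipaddress.IPv4Network
    src_negated: bool
    in_if: str
    if_negated: bool
    target: str

    def matches(self, src_ip: str, in_if: str) -> bool:
        src_hit = ipaddress.ip_address(src_ip) in self.src
        if_hit = in_if == self.in_if
        # "!" inverts one individual test; both tests must then hold.
        return (src_hit != self.src_negated) and (if_hit != self.if_negated)

# Same order as in the quoted message.
RULES = [
    Rule("rule 1", INTERNAL_NET, False, INTERNAL_IF, True, "DROP"),
    Rule("rule 2", INTERNAL_NET, True, INTERNAL_IF, False, "DROP"),
]

def verdict(src_ip, in_if, rules=RULES, policy="ACCEPT"):
    """First matching rule wins; otherwise the (assumed) chain policy applies."""
    for rule in rules:
        if rule.matches(src_ip, in_if):
            return rule.target, rule.name
    return policy, "policy"

# Constructed sample packets: (source address, arriving interface).
SAMPLES = [
    ("192.168.1.10", "eth0"),  # inside host on the inside interface
    ("192.168.1.10", "eth1"),  # inside address arriving from outside
    ("203.0.113.7", "eth0"),   # foreign address arriving from inside
    ("203.0.113.7", "eth1"),   # ordinary outside traffic
    ("192.168.1.1", "lo"),     # firewall talking to its own LAN address
]

if __name__ == "__main__":
    for src, iface in SAMPLES:
        print(f"{src:15} via {iface:5} -> {verdict(src, iface)}")
```

The last sample shows that the host's own traffic to its LAN address arrives on `lo` and matches rule 1, so an accept rule for the loopback interface has to sit ahead of these two in the chain.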