Re: incoming interface confusion question

* Cedric Blancher (blancher@xxxxxxxxxxxxxxxxxx) wrote:
> Le lun 21/06/2004 à 19:45, Shaun T. Erickson a écrit :
> > Are there any cases where iptables can be confused about what interface 
> > a packet came in on? Can a packet arriving on interface A ever be 
> > reported as arriving on interface B?
> 
> I'm not aware of such a case. Would be quite surprising.
> 
> > I had an incident this weekend, and am trying to be certain that the 
> > packets came in the interface my system said it did. It's a Red Hat 9 
> > system, running their stock 2.4.20-8 kernel.
> 
> Do you have any reason to think your system was wrong ?
> 

In order of likelihood (highest to lowest):

1) http://www.tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.kernel.rpf.html

Check your /proc/sys/net/ipv4/conf/$INTF/rp_filter setting.

If it is not set, someone might have tried to attack your network from
the public side, using private source IPs. E.g., this can be used for an
attack to make the Java VM think that the packets are coming from the host
itself or a trusted server.

2) If it is set, then a VPN might still allow such packets into your
network, past a firewall.

3) If neither, then it might be an issue with the code in Linux.

HTH

-- 
Ranjeet Shetye
Senior Software Engineer
Zultys Technologies
Ranjeet dot Shetye at Zultys dot com
http://www.zultys.com/
 
The views, opinions, and judgements expressed in this message are solely those of
the author. The message contents have not been reviewed or approved by Zultys.
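As an added illustration of the check in point 1 above (not part of the original message): the kernel applies the larger of conf/all/rp_filter and conf/<iface>/rp_filter when it validates the source address of a packet received on <iface> (Documentation/networking/ip-sysctl.txt), so reading only the per-interface file can under-report. The script below computes that effective value for every interface. CONFDIR defaults to the live /proc tree; the optional directory argument is an assumption added so the functions can be run against constructed values offline. The loose mode (value 2) is a later 2.6 addition; on a 2.4.20 kernel only 0 and 1 apply.

```shell
#!/bin/sh
# Audit reverse-path filtering per interface.
# Effective setting for <iface> = max(conf/all/rp_filter, conf/<iface>/rp_filter).
# 0 = off, 1 = strict, 2 = loose (2 only on newer 2.6 kernels).
# The CONFDIR argument is an assumption for offline testing; it defaults
# to /proc/sys/net/ipv4/conf.

rp_filter_read() {
    # Print the rp_filter value stored under directory $1, or 0 if absent.
    if [ -r "$1/rp_filter" ]; then
        cat "$1/rp_filter"
    else
        echo 0
    fi
}

rp_filter_effective() {
    # Usage: rp_filter_effective CONFDIR IFACE
    # Prints the effective value: the larger of all/ and IFACE/.
    conf=$1
    iface=$2
    a=$(rp_filter_read "$conf/all")
    i=$(rp_filter_read "$conf/$iface")
    if [ "$a" -gt "$i" ]; then
        echo "$a"
    else
        echo "$i"
    fi
}

rp_filter_label() {
    # Map a numeric value to a short description.
    case "$1" in
        0) echo "OFF (spoofed private source addresses are accepted)" ;;
        1) echo "strict" ;;
        2) echo "loose" ;;
        *) echo "unknown($1)" ;;
    esac
}

rp_filter_audit() {
    # Usage: rp_filter_audit [CONFDIR]
    # Prints one line per real interface: "<iface> <value> <label>".
    conf=${1:-/proc/sys/net/ipv4/conf}
    for d in "$conf"/*/; do
        [ -d "$d" ] || continue
        iface=$(basename "$d")
        case "$iface" in
            all|default) continue ;;
        esac
        v=$(rp_filter_effective "$conf" "$iface")
        echo "$iface $v $(rp_filter_label "$v")"
    done
}

# Run against the live tree (or the directory given on the command line)
# when the tree exists; e.g.  sh rp_filter_audit.sh
[ -d "${1:-/proc/sys/net/ipv4/conf}" ] && rp_filter_audit "$@"
```

Any interface reported as OFF accepts packets whose source address belongs to a network routed out a different interface, which is exactly the spoofing case described in point 1; the interface name iptables logs is still the physical ingress interface, only the source address is untrustworthy.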
