On Mon, 21 Jun 2004, Shaun T. Erickson wrote: > Shaun T. Erickson wrote: > > > Are there any cases where iptables can be confused about what interface > > a packet came in on? Can a packet arriving on interface A ever be > > reported as arriving on interface B? > > > > I had an incident this weekend, and am trying to be certain that the > > packets came in the interface my system said it did. It's a Red Hat 9 > > system, running their stock 2.4.20-8 kernel. > > Please, can anyone answer this for me? I'm trying to prove or disprove a > theory that would explain an apparent intrusion incident over the > weekend. It's very important that I know the definitive answer to this. It can't happen. I'd investigate further assuming IP address forgery. Best regards, Jozsef - E-mail : kadlec@xxxxxxxxxxxxxxxxx, kadlec@xxxxxxxxxxxxxxx PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt Address : KFKI Research Institute for Particle and Nuclear Physics H-1525 Budapest 114, POB. 49, Hungary
