On 08/15/08 09:17, Stephen Isard wrote:
> Ok! Now I find the printers. (I also had to stick -j ACCEPT at the
> ends of the lines. You were probably taking that for granted.)
Good!
> Assuming you really mean that last "not", then my description
> seems to apply. So if a bad guy knew how to take advantage of udp
> broadcasts to arbitrary high numbered ports, he could sit there waiting
> for a cups broadcast and then send his evil packets from his port 161 to
> whichever of my ports he wanted. Fortunately, such broadcasts will not
> be very frequent, since once the printers are discovered, there is no
> need to rediscover them until something changes. But still it would be
> better to match the broadcast port number. A new feature?
If you are worried about someone else spoofing an IP in your recent
list, look into the --rttl option to have the recent list remember the
TTL values of packets and require them to be the same. This way if some
jerk off who is more hops away from you is trying to pretend to be you,
his traffic will appear to be at a different TTL than yours. This is
not foolproof, but it will sure help reduce the risk of exposure that
you are referring to.
Grant. . . .
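To make the --rttl behaviour concrete, here is an added example that is not part of the thread: a small Python model of the recent match, run over constructed sample traffic. The two iptables rules it imitates (the list name PRINTERS, the port numbers and the addresses are my own assumptions, not anything either poster showed) are a --set rule on the inbound CUPS browse packet and a --rcheck --rttl rule on the port 161 reply. Running it with and without rttl shows what Grant describes: a packet carrying a remembered source address but a different arrival TTL is dropped only when the TTL is checked, and a sender at the same hop distance is not distinguished at all, which is why it is not foolproof.

```python
"""Toy model of the netfilter 'recent' match with --rttl (added example).

Imitates these two hypothetical rules:
  iptables -A INPUT -p udp --dport 631 -m recent --set --name PRINTERS
  iptables -A INPUT -p udp --sport 161 -m recent --rcheck --rttl --name PRINTERS -j ACCEPT
"""
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Packet:
    src: str      # source IP address
    sport: int    # UDP source port
    dport: int    # UDP destination port
    ttl: int      # IP TTL as seen on arrival


class RecentList:
    """Address list like xt_recent: each entry remembers the TTL of the packet that set it."""

    def __init__(self) -> None:
        self.entries: Dict[str, int] = {}

    def set(self, pkt: Packet) -> None:
        # --set: add or refresh the source address and record the TTL it arrived with
        self.entries[pkt.src] = pkt.ttl

    def rcheck(self, pkt: Packet, rttl: bool) -> bool:
        # --rcheck: is the source in the list?  With --rttl the TTL must also match.
        recorded = self.entries.get(pkt.src)
        if recorded is None:
            return False
        return (not rttl) or recorded == pkt.ttl


def filter_packets(packets: List[Packet], rttl: bool = True) -> List[str]:
    """Return one verdict per packet, applying the two rules above in order."""
    recent = RecentList()
    verdicts: List[str] = []
    for pkt in packets:
        if pkt.dport == 631:
            # CUPS browse packet from a printer: remember the sender (and its TTL)
            recent.set(pkt)
            verdicts.append("ACCEPT")
        elif pkt.sport == 161 and pkt.dport >= 1024:
            # reply from port 161 to a high port: allowed only for a remembered sender
            verdicts.append("ACCEPT" if recent.rcheck(pkt, rttl) else "DROP")
        else:
            verdicts.append("DROP")
    return verdicts


# Constructed sample traffic (addresses and TTLs are made up for the example)
SAMPLE = [
    Packet("192.168.1.50", 631, 631, 64),    # printer's CUPS broadcast, one hop away
    Packet("192.168.1.50", 161, 40000, 64),  # genuine reply from that printer
    Packet("192.168.1.50", 161, 40001, 58),  # same source address, arrived with TTL 58
    Packet("10.0.0.9", 161, 40002, 64),      # source that never sent a broadcast
]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE, filter_packets(SAMPLE, rttl=True)):
        print(f"{pkt.src}:{pkt.sport} -> :{pkt.dport} ttl={pkt.ttl}  {verdict}")
```

The third packet is the interesting one: with rttl it is dropped because its TTL differs from the one recorded at --set time, without rttl it is accepted on the address alone. A sender the same number of hops away would arrive with TTL 64 and pass either way, which is the limitation Grant points out.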
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html