Hi,

On Wed, 29 Oct 2008 14:20:36 +0100, Pierre LEBRECH <pierre.lebrech@xxxxxxxxxxx> wrote:
> Hi,
>
> It seems that even if I drop some INPUT packets with iptables, tcpdump
> still sees these packets arriving on the ethernet interface.
>
> Could anybody explain this to me a bit?

The pcap driver catches the packet before it's processed by netfilter. This is a known issue that has even been used in a rootkit PoC to communicate with the rootkit before the firewall drops the packet.

> Thanks

Regards,
Julien

--
www.linuxwall.info
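Since packet sockets receive frames before netfilter's INPUT rules apply, it is worth auditing which processes on a host hold one. The following is an added example, not part of the original thread: it parses the Linux /proc/net/packet table and marks sockets bound to ETH_P_ALL, the binding a capture tool such as tcpdump uses. The sample rows are constructed and the function names are hypothetical.

```python
"""List AF_PACKET sockets from /proc/net/packet-style text (added example)."""
import glob
import os

ETH_P_ALL = 0x0003  # socket receives every protocol
SOCK_TYPES = {2: "SOCK_DGRAM", 3: "SOCK_RAW"}

# Constructed sample in the /proc/net/packet column layout; values are made up.
SAMPLE = """\
sk       RefCnt Type Proto  Iface R Rmem   User   Inode
ffff8880a1b2c000 3      3    0003   2     1 0      0      23456
ffff8880a1b2d800 3      2    88cc   3     1 0      101    23999
"""

def parse_packet_sockets(text):
    """Return one dict per packet socket listed in the table."""
    socks = []
    for line in text.splitlines()[1:]:  # skip the header row
        f = line.split()
        if len(f) != 9:
            continue  # tolerate blank or truncated lines
        proto = int(f[3], 16)  # Proto column is hexadecimal
        socks.append({
            "type": SOCK_TYPES.get(int(f[2]), f[2]),
            "proto": proto,
            "ifindex": int(f[4]),  # 0 means not bound to one interface
            "uid": int(f[7]),
            "inode": int(f[8]),
            "sees_all": proto == ETH_P_ALL,
        })
    return socks

def owners(inode):
    """PIDs holding the socket inode (root is needed to see other users' fds)."""
    target = f"socket:[{inode}]"
    pids = set()
    for fd in glob.glob("/proc/[0-9]*/fd/*"):
        try:
            if os.readlink(fd) == target:
                pids.add(int(fd.split("/")[2]))
        except OSError:
            continue  # process exited or permission denied
    return sorted(pids)

if __name__ == "__main__":
    path = "/proc/net/packet"
    text = open(path).read() if os.path.exists(path) else SAMPLE
    for s in parse_packet_sockets(text):
        print(s, "pids:", owners(s["inode"]))
```

A packet socket owned by a process that is not a known capture or network-management tool is the case to investigate.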