From owner-freebsd-security Mon Nov 12 5:21:58 2001
Delivered-To: freebsd-security@freebsd.org
From: "Wade Majors"
Subject: Filtering packets based on incoming address
Date: Mon, 12 Nov 2001 08:21:14 -0500
Message-ID: <000001c16b7c$eb2f0ad0$9700a8c0@ezri>
Sender: owner-freebsd-security@FreeBSD.ORG

When reading through http://www.sans.org/top20.htm the other day, I noticed G5. It talks about how packets can be "spoofed" to really target a machine on my network and not the gateway.

I added these rules to my /etc/ipfw.rules file:

# block spoofed packets going to private network
add 00001 deny ip from any to 192.168.0.1/24 in recv fxp0
# block spoofed packets going to cable modem
add 00002 deny ip from any to 10.97.48.1 in recv fxp0

These are the only things before natd, which is rule 00050.

In the few days I've had them in, it hasn't caught anything, so I'm going to assume this isn't breaking anything legitimate. The question is: is this the right way to check for this stuff, anyway? Should I even worry about this since my network is using private IPs?

-Wade
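Added example (not from the post, and not ipfw's own code): a small Python model of how ipfw's first-match evaluation treats the two destination-based rules above, alongside the source-address check (RFC 2827 / BCP 38 ingress filtering) that is normally paired with them, since a forged packet can also carry an inside address as its *source* while being aimed at the gateway's public address. The interface name fxp0 and the 192.168.0.0/24 and 10.97.48.1 addresses are reused from the post; the 203.0.113.x hosts, the fxp1 inside interface, and the Packet/Rule classes are constructed for the example.

```python
"""Model ipfw-style anti-spoofing rules on a gateway's outside interface.

Constructed example: fxp0 is the cable-modem side, 192.168.0.0/24 the private
LAN, 10.97.48.1 the cable modem (all from the post); 203.0.113.0/24 is a
documentation range standing in for "the Internet"; fxp1 is an assumed
inside interface.
"""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import List, Optional

EXT_IF = "fxp0"                               # interface facing the cable modem
PRIVATE_NET = ip_network("192.168.0.0/24")    # the LAN behind natd
CABLE_MODEM = ip_network("10.97.48.1/32")     # the modem's own address


@dataclass(frozen=True)
class Packet:
    recv_if: str   # interface the packet arrived on
    src: str
    dst: str


@dataclass(frozen=True)
class Rule:
    """One 'add NNN deny ip from SRC to DST in recv IF' line, simplified."""
    number: int
    action: str                        # "deny" or "allow"
    src: Optional[IPv4Network]         # None means "any"
    dst: Optional[IPv4Network]         # None means "any"
    recv_if: Optional[str]             # None means no 'recv' clause

    def matches(self, pkt: Packet) -> bool:
        if self.recv_if is not None and pkt.recv_if != self.recv_if:
            return False
        if self.src is not None and ip_address(pkt.src) not in self.src:
            return False
        if self.dst is not None and ip_address(pkt.dst) not in self.dst:
            return False
        return True


# The two destination-based rules from the post (192.168.0.1/24 masks to .0/24).
DST_RULES: List[Rule] = [
    Rule(1, "deny", None, PRIVATE_NET, EXT_IF),
    Rule(2, "deny", None, CABLE_MODEM, EXT_IF),
]

# Added here: RFC 2827-style ingress filter. A packet arriving on the outside
# interface must not claim an inside (or loopback) source address.
SRC_RULES: List[Rule] = [
    Rule(3, "deny", PRIVATE_NET, None, EXT_IF),
    Rule(4, "deny", ip_network("127.0.0.0/8"), None, EXT_IF),
]


def first_match(rules: List[Rule], pkt: Packet) -> Optional[Rule]:
    """ipfw semantics: rules are checked in numeric order, first match wins."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.matches(pkt):
            return rule
    return None


def verdict(rules: List[Rule], pkt: Packet) -> str:
    """'deny' if a deny rule fired, else 'pass' (on to natd and later rules)."""
    hit = first_match(rules, pkt)
    return hit.action if hit is not None else "pass"


def main() -> None:
    # Constructed sample packets covering the cases the rules are meant for.
    samples = [
        ("Internet host addressing the LAN directly",
         Packet("fxp0", "203.0.113.9", "192.168.0.5")),
        ("Internet host addressing the cable modem",
         Packet("fxp0", "203.0.113.9", "10.97.48.1")),
        ("outside packet with a forged inside source",
         Packet("fxp0", "192.168.0.5", "203.0.113.9")),
        ("legitimate LAN packet on the inside interface",
         Packet("fxp1", "192.168.0.5", "203.0.113.9")),
    ]
    for label, pkt in samples:
        print(f"{label:46s} dst-rules={verdict(DST_RULES, pkt):4s} "
              f"src-rules={verdict(SRC_RULES, pkt):4s} "
              f"both={verdict(DST_RULES + SRC_RULES, pkt)}")


if __name__ == "__main__":
    main()
```

Running it shows that the posted rules stop traffic aimed at inside addresses, that the forged-source packet is only stopped once a source rule is added, and that nothing here touches packets received on the inside interface, which is why such rules can sit in front of natd without affecting LAN clients.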