> Basically, it terminates IP connections that it doesn't
> know of. This makes pretty sure that people trying to
> do IP spoofing (because they're along the path) get their
> connections terminated immediately because the victim
> machine hasn't done the negotiations itself.
How is this different from basic stateful packet filtering, which Netfilter
should already be able to do?
> I don't know how quickly a connection can be terminated
> or how effective this measure could be, but a FIN/FINACK
> combo shouldn't be too hard, now should it?
Just send a port / destination unreachable.
Sincerely,
Lars Marowsky-Brée
-- 
Lars Marowsky-Brée
Network Management
teuto.net Netzdienste GmbH
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
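The behaviour the two of them are arguing about (drop or answer anything that does not belong to a connection the host itself negotiated) is what a stateful filter does. The following is an added toy connection tracker written for this page; it is not code from the thread and not Netfilter's implementation. It tracks one protected host, accepts a TCP segment only if the filter saw the handshake that created the flow, answers an unknown TCP segment with a RST and an unknown UDP datagram with an ICMP port unreachable, as the reply above suggests, and forgets a flow once the FIN/ACK teardown completes. The host address, peers and ports in `demo()` are constructed for the example.

```python
"""Toy stateful packet filter for one protected host (added example, not from
the original message or from Netfilter). Flows are keyed from the host's side:
(host_ip, host_port, peer_ip, peer_port, proto)."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

FlowKey = Tuple[str, int, str, int, str]


@dataclass
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"   # "tcp" or "udp"
    syn: bool = False
    ack: bool = False
    fin: bool = False
    rst: bool = False


class StatefulFilter:
    def __init__(self, host: str, listen_ports: Optional[Set[int]] = None):
        self.host = host
        self.listen_ports = listen_ports or set()
        self.table: Dict[FlowKey, str] = {}   # conntrack table: flow -> state

    def _lookup(self, p: Packet) -> Tuple[FlowKey, bool]:
        outbound = p.src == self.host
        if outbound:
            return (p.src, p.sport, p.dst, p.dport, p.proto), True
        return (p.dst, p.dport, p.src, p.sport, p.proto), False

    def process(self, p: Packet) -> str:
        key, outbound = self._lookup(p)
        state = self.table.get(key)

        if p.proto == "udp":
            # No handshake in UDP: a flow exists once the host sent to the peer,
            # or the peer hit a port the host is known to serve.
            if outbound or state == "UDP" or p.dport in self.listen_ports:
                self.table[key] = "UDP"
                return "ACCEPT"
            return "REJECT icmp-port-unreachable"

        if p.rst:
            # RST on a tracked flow tears it down; RST for an unknown flow is noise.
            return "ACCEPT" if self.table.pop(key, None) else "DROP"

        if state is None:
            # Only a bare SYN opens a flow: from the host to anywhere, or from a
            # peer to a listening port. A mid-stream segment for a flow the host
            # never negotiated (the spoofing case in the thread) gets a RST.
            if p.syn and not p.ack and (outbound or p.dport in self.listen_ports):
                self.table[key] = "HANDSHAKE"
                return "ACCEPT"
            return "REJECT tcp-reset"

        if state == "HANDSHAKE":
            if p.syn:                            # SYN retransmit or the SYN/ACK
                return "ACCEPT"
            if p.ack:                            # third packet: flow is up
                self.table[key] = "ESTABLISHED"
                return "ACCEPT"
            return "DROP"                        # flags that make no sense here

        if p.fin:
            # First FIN starts the teardown; after the second only the last ACK is missing.
            self.table[key] = "LAST_ACK" if state == "FIN_WAIT" else "FIN_WAIT"
            return "ACCEPT"
        if state == "LAST_ACK" and p.ack:
            del self.table[key]                  # fully closed; forget the flow
        return "ACCEPT"


def demo() -> List[str]:
    """One handshake, one spoofed segment, one teardown. Addresses are made up."""
    host, peer, attacker = "10.0.0.5", "192.0.2.10", "198.51.100.7"
    fw = StatefulFilter(host, listen_ports={22})
    steps = [
        Packet(host, 40000, peer, 80, syn=True),               # host opens a connection
        Packet(peer, 80, host, 40000, syn=True, ack=True),     # peer's SYN/ACK
        Packet(host, 40000, peer, 80, ack=True),               # third packet: ESTABLISHED
        Packet(peer, 80, host, 40000, ack=True),               # data on a known flow
        Packet(attacker, 443, host, 40001, ack=True),          # spoofed mid-stream segment
        Packet(attacker, 5353, host, 5000, proto="udp"),       # unsolicited UDP
        Packet(attacker, 50000, host, 22, syn=True),           # SYN to a listening port
        Packet(attacker, 50001, host, 25, syn=True),           # SYN to a closed port
        Packet(host, 40000, peer, 80, fin=True, ack=True),     # host starts teardown
        Packet(peer, 80, host, 40000, fin=True, ack=True),     # peer's FIN
        Packet(host, 40000, peer, 80, ack=True),               # last ACK, flow forgotten
        Packet(peer, 80, host, 40000, ack=True),               # late segment, now unknown
    ]
    return [fw.process(p) for p in steps]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The spoofed segment in step 5 is rejected immediately because the table has no entry for it, not because anything about the segment itself looks wrong; that is the whole point of keying decisions on state the filter built itself. Real conntrack additionally checks sequence-number windows and ages entries out, which this toy omits.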