IP Tables Ruleset

Thor
htd0rg lieutenant
Posts: 440
Joined: Tue Dec 18, 2007 9:39 am
Location: Location Location

IP Tables Ruleset

Post by Thor » Thu Nov 12, 2009 6:06 pm

I've been messing with my IP tables schema and a question has arisen.

To add rules to prevent spoofing attacks, i.e. block reserved private networks from coming in on the internet, you add in this type of rule:

Code:

    iptables -I INPUT -i eth0 -s 10.0.0.0/8 -j DROP

But what if you are already behind a firewall that is on that same range, would it block packets from the firewall to you?

clueless
Hacker in Training
Posts: 70
Joined: Thu Apr 16, 2009 6:26 pm

Re: IP Tables Ruleset

Post by clueless » Thu Nov 12, 2009 7:24 pm

If the eth0 NIC is in that range then no one on the network can send packets to you. Packets coming from the internet that go over a NAT router still appear to be coming from the remote IP, so they should remain unblocked. I'm not too sure if your firewall falls in the latter category, but it's not a really good solution either way. Can't you block those IP ranges on the first firewall?

Thor
htd0rg lieutenant
Posts: 440
Joined: Tue Dec 18, 2007 9:39 am
Location: Location Location

Re: IP Tables Ruleset

Post by Thor » Fri Nov 13, 2009 1:32 pm

Yes, my hardware firewall has rules for various things and has the ability to be modified easily by me, and "should" be filtering those ranges. I added all the other private addresses no problem, but I'm not on those ranges. So those lines are probably not needed as well. The particular tutorial I was going off of mentioned a couple of times that some of the rules, if not thought out and done wrong, can block yourself from your own net. I think I'll leave this rule out. My eth0 NIC is on that range, and I should expect my firewall to block this type of attack.

But in saying that, I can't remember where now; there was a good whitepaper about conducting this type of attack over a firewall. I remember that the spoofing attack was done with a little scanning and a little packet crafting. The attacker was able to determine what private range the LAN was using and then defeat the mechanisms meant to filter private ranges from the net. Thing was, I don't think it accounted for a paranoid setup where firewall and LAN were blocking this attack.

Link related: http://wiki.archlinux.org/index.php/Sim ... wall_HOWTO

The setup at the link is pretty much how I set it up, except for a few mods I did. If anyone knows of another good writeup of an even more secure setup, then holler back.

Also, I wouldn't mind talking more about the theory of this type of attack, and if it's still a viable type of attack nowadays. Any thoughts on this?
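An added example (not code from the thread or from the linked Arch wiki page): it emits the anti-spoofing rules as iptables-restore input with an ACCEPT for the interface's own subnet placed ahead of the private-range DROPs, and a first-match walk over those rules shows what happens to a packet from the NAT gateway versus other private or public sources. The interface name eth0, the subnet 10.1.2.0/24 and the sample source addresses are constructed values, and the walk models only the rules it generates, not a full chain.

```shell
#!/bin/sh
# Added example, not from the thread: generate the anti-spoofing DROP rules
# the first post describes, but put an ACCEPT for the interface's own subnet
# ahead of them so a NAT gateway sitting inside 10.0.0.0/8 keeps working.
# "eth0" and 10.1.2.0/24 below are constructed sample values.

# ip4_to_int 10.1.2.1 -> 167838209 (runs in a subshell so IFS stays local)
ip4_to_int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# cidr_match ADDR NET/BITS -> exit status 0 if ADDR lies inside the block
cidr_match() {
    addr=$(ip4_to_int "$1")
    net=$(ip4_to_int "${2%/*}")
    bits=${2#*/}
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# antispoof_rules IFACE LOCAL_CIDR -> iptables-restore lines, in match order.
# The ACCEPT comes first because iptables stops at the first matching rule.
antispoof_rules() {
    printf '*filter\n'
    printf '%s INPUT -i %s -s %s -j ACCEPT\n' -A "$1" "$2"
    for range in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 127.0.0.0/8; do
        printf '%s INPUT -i %s -s %s -j DROP\n' -A "$1" "$range"
    done
    printf 'COMMIT\n'
}

# verdict IFACE LOCAL_CIDR SRC_IP -> target of the first generated rule that
# matches a packet from SRC_IP on IFACE, or POLICY when none does (chain default)
verdict() {
    hit=$(antispoof_rules "$1" "$2" | while read -r act chain iopt iface sopt src jopt target; do
        [ "$chain" = INPUT ] && [ "$iface" = "$1" ] || continue
        if cidr_match "$3" "$src"; then echo "$target"; exit 0; fi
    done)
    echo "${hit:-POLICY}"
}

# Gateway on our own subnet stays reachable; other RFC 1918 sources are dropped.
antispoof_rules eth0 10.1.2.0/24
echo "from 10.1.2.1:    $(verdict eth0 10.1.2.0/24 10.1.2.1)"      # ACCEPT
echo "from 10.9.9.9:    $(verdict eth0 10.1.2.0/24 10.9.9.9)"      # DROP
echo "from 203.0.113.7: $(verdict eth0 10.1.2.0/24 203.0.113.7)"   # POLICY
```

Feeding the generated text to iptables-restore would replace the whole filter table, so on a real box merge these lines into the existing ruleset instead.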
