Re: Unknown IP in my syslog
- From: "Todd A. Jacobs" <tajacobs nvbell net>
- To: redhat-list redhat com
- Subject: Re: Unknown IP in my syslog
- Date: Sun, 31 Oct 1999 11:59:23 -0800 (PST)
On Sun, 31 Oct 1999, Gustav Schaffter wrote:
> I can't find either 10.10.12.230, 10.10.12.231 or 208.178.165.230 with
> nslookup. (Though I can lookup and reverse lookup 'any' other address.)
>
> Does anyone know what this is?

You haven't turned on spoofing protection in your kernel. 10.x.x.x is a
class A non-routable address. You shouldn't be able to receive those
packets across a router; I would report this immediately to your ISP,
since the attack is probably local.

In the meantime, add the following to your /etc/inittab:

ip::sysinit:/etc/rc.d/init.d/nospoof

Then create the nospoof script as follows:

#!/bin/sh
# This is the best method: turn on Source Address Verification and get
# spoof protection on all current and future interfaces.
if [ -e /proc/sys/net/ipv4/conf/all/rp_filter ]; then
    echo -n "Setting up IP spoofing protection..."
    # Enable reverse-path filtering on every entry under conf/,
    # including the "all" and "default" entries.
    for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
        echo 1 > "$f"
    done
    echo "done."
else
    # The kernel does not expose rp_filter: stop the boot and ask for help.
    echo "PROBLEMS SETTING UP IP SPOOFING PROTECTION. BE WORRIED."
    echo "CONTROL-D will exit from this shell and continue system startup."
    echo
    # Start a single user shell on the console
    /sbin/sulogin $CONSOLE
fi

--
Todd A. Jacobs
Network Systems Engineer
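
An added example, not part of the original message: a check that the rp_filter setting written by the script above is actually in effect on each interface. The function names and the CONF_ROOT variable are hypothetical. The max(all, interface) rule and the value 2 (loose mode) are assumptions taken from current kernel documentation, not from this thread.

```shell
#!/bin/sh
# Added example: audit reverse-path filtering (rp_filter) per interface.
# CONF_ROOT is a hypothetical override so the check can run on a test tree.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

# Print the effective rp_filter value for one interface.
# Assumption (current kernels): the value used for source validation is
# max(conf/all, conf/<iface>), where 0=off, 1=strict, 2=loose.
effective_rp_filter() {
    iface_val=$(cat "$CONF_ROOT/$1/rp_filter" 2>/dev/null) || return 2
    all_val=$(cat "$CONF_ROOT/all/rp_filter" 2>/dev/null) || all_val=0
    if [ "$all_val" -gt "$iface_val" ]; then
        echo "$all_val"
    else
        echo "$iface_val"
    fi
}

# Report every interface; return 1 if any has source validation disabled.
audit_rp_filter() {
    status=0
    for dir in "$CONF_ROOT"/*/; do
        [ -f "${dir}rp_filter" ] || continue
        iface=$(basename "$dir")
        # "all" and "default" are templates, not real interfaces.
        case "$iface" in all|default) continue ;; esac
        mode=$(effective_rp_filter "$iface") || continue
        case "$mode" in
            0) echo "$iface: OFF (no source validation)"; status=1 ;;
            1) echo "$iface: strict" ;;
            2) echo "$iface: loose" ;;
            *) echo "$iface: unknown value $mode"; status=1 ;;
        esac
    done
    return $status
}
```

Source the file and call audit_rp_filter; a non-zero return means at least one interface still has source validation disabled.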