[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: Unknown IP in my syslog
- From: Gustav Schaffter <gustav schaffter com>
- To: redhat-list redhat com
- Subject: Re: Unknown IP in my syslog
- Date: Sun, 31 Oct 1999 21:00:50 +0100
Todd,
I haven't put the line into my inittab (yet), but I do have your nospoof
script running from rc.local
I also do log any incomming packages on ppp0 from any of the three
'local' address ranges. Sorry that I don't remember the correct names
there, but I'm sure you know what I mean:
"10.0.0.0/8","172.16.0.0/12","192.168.0.0/16"
This is how I noticed it to start with.
I'll look into the inittab change soon. (Really soon.)
I think that the installation routine should do some of this stuff. Most
beginners will probably, like me, first setup RH to run, then struggle a
while to get ppp working, then potentially follow the mailing lists for a
good while before they eventually start to worry about ipchains, spoofing,
port scans and this kind of stuff.
Thanks for your help (again :)
Gustav
On Sun, 31 Oct 1999, Todd A. Jacobs wrote:
> On Sun, 31 Oct 1999, Gustav Schaffter wrote:
>
> > I can't find neither 10.10.12.230, 10.10.12.231 nor 208.178.165.230 with
> > nslookup. (Though I can lookup and reverse lookup 'any' other address.)
> >
> > Anyone knows what this is?
>
> You haven't turned on spoofing protection in your kernel. 10.x.x.x is a
> class A non-routable address. You shouldn't be able to receive those
> packets across a router; I would report this immediately to your ISP,
> since the attack is probably local.
>
> In the meantime, add the following to your /etc/inittab:
>
> ip::sysinit:/etc/rc.d/init.d/nospoof
>
> The create the nospoof script as follows:
>
> #!/bin/sh
> # This is the best method: turn on Source Address Verification and get
> # spoof protection on all current and future interfaces.
> if [ -e /proc/sys/net/ipv4/conf/all/rp_filter ]; then
> echo -n "Setting up IP spoofing protection..."
> for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
> echo 1 > $f
> done
> echo "done."
> else
> echo PROBLEMS SETTING UP IP SPOOFING PROTECTION. BE WORRIED.
> echo "CONTROL-D will exit from this shell and continue system startup."
> echo
> # Start a single user shell on the console
> /sbin/sulogin $CONSOLE
> fi
>
> --
> Todd A. Jacobs
> Network Systems Engineer
>
>
>
> --
> To unsubscribe: mail redhat-list-request redhat com with "unsubscribe"
> as the Subject.
--
JFK, assassination plot, sex, money laundering, blackmail, hacking, security, encryption, bomb, CIA, NSA, KGB, Russia, Lockerbie, terrorism, child abuse, drug dealing, espionage.
pgp = Pretty Good Privacy
http://www.schaffter.com
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]