LAND check: 2.4.20

Martijn Lievaart m at rtij.nl
Tue Mar 15 17:42:56 CET 2005


Vishwas Manral said:
> Hi Martin/ folks,
>
> Thanks. That was a lot of help. Can you point me to the code where the
> checks have been made?

They should be in your ruleset or you can use the Linux built-in routing
checks. If you have an interface that connects to specific networks, there
is no reason to accept packets from another interface with a source
address in those specific networks. Your ruleset can and should check for
that. That should catch the LAND attack.

Obviously this does not work for every firewall; if you have some complex
multirouting scenario this may not be possible. But that is typically not
a firewall protecting Windows hosts, so in practice that should not be a
problem.

M4
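
The check described in the reply above, as an added example that is not part of the original post: a shell function that prints (does not apply) iptables rules dropping packets whose source address belongs to a network attached to a different interface, plus the rp_filter sysctls. It assumes rp_filter is the built-in routing check meant; interface names and networks are constructed sample values.

```shell
#!/bin/sh
# Added example: prints commands for review; nothing is applied to the system.
# Interface names and networks are constructed sample values.

# antispoof_rules "iface=net[,net...]" ...
# For each network attached behind an interface, drop packets that claim a
# source address in that network but arrive on any other interface. A LAND
# packet sent from outside (source = destination = an inside host) matches.
antispoof_rules() {
    for pair in "$@"; do
        case $pair in
            ?*=?*) ;;
            *) echo "bad mapping (want iface=net[,net]): $pair" >&2; return 1 ;;
        esac
        iface=${pair%%=*}
        nets=${pair#*=}
        old_ifs=$IFS; IFS=,
        for net in $nets; do
            # INPUT protects the firewall itself, FORWARD the hosts behind it.
            for chain in INPUT FORWARD; do
                echo "iptables -A $chain ! -i $iface -s $net -j DROP"
            done
        done
        IFS=$old_ifs
    done
}

# rp_filter_cmds iface ...
# Kernel reverse-path check: drop a packet if the route back to its source
# does not leave through the interface it arrived on. Setting it on "all"
# and on each interface works on both old and new kernels.
rp_filter_cmds() {
    echo "sysctl -w net.ipv4.conf.all.rp_filter=1"
    for iface in "$@"; do
        echo "sysctl -w net.ipv4.conf.$iface.rp_filter=1"
    done
}

# Sample topology (constructed): eth0 = outside, eth1 and eth2 = inside.
antispoof_rules "eth1=192.168.1.0/24,192.168.2.0/24" "eth2=10.0.0.0/8"
rp_filter_cmds eth0 eth1 eth2
```

Review the output and place the DROP rules ahead of any ACCEPT rules in the same chains before applying them.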




More information about the netfilter-devel mailing list