LAND check: 2.4.20
Cedric Blancher
blancher at cartel-securite.fr
Tue Mar 15 17:52:36 CET 2005
Le mardi 15 mars 2005 à 17:42 +0100, Martijn Lievaart a écrit :
> They should be in your ruleset or you can use the Linux built in routing
> checks.
There are 2 major cases :
. Packet is seen by a filtering box, then rp_filter should
destroy the packet as source is not routed through receiving
interface.
. Packet is received by destination, then routing code will
destroy it as a packet with local IP as source must be
received on loopback.
I don't think there's a real security issue that implies hardcoding.
--
http://sid.rstack.org/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
>> Hi! I'm your friendly neighbourhood signature virus.
>> Copy me to your signature file and help me spread!
More information about the netfilter-devel
mailing list