Gentoo Forums :: View topic - Linux Kernel route cache flooding Denial of Service

Linux Kernel route cache flooding Denial of Service

View unanswered posts
View posts from last 24 hours

Gentoo Forums Forum Index

Networking & Security

View previous topic :: View next topic

Author

Message

kahcepb
n00b
n00b

Joined: 08 Apr 2003
Posts: 34

Posted: Sat May 17, 2003 2:01 pm Post subject: Linux Kernel route cache flooding Denial of Service

http://www.secunia.com/advisories/8786/ That's it...

neilhwatson
l33t
l33t

Joined: 06 Feb 2003
Posts: 719
Location: Canada

Posted: Sat May 17, 2003 2:14 pm Post subject:

Couldn't you simply guard against spoofing?

Code:

#prevent IP spoofing
if [ -e /proc/sys/net/ipv4/conf/all/rp_filter ]; then
echo -n "Setting up IP spoofing protection..."
for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
echo 1 > $f
done
echo " done."
else
echo "WARNING: errors encountered while trying to enable IP spoofing protection!"
fi

$IPTABLES -A in -i $INTERFACE -s $MYIP -j DROP
$IPTABLES -A in -i $INTERFACE -s 10.0.0.0/8 -j DROP
$IPTABLES -A in -i $INTERFACE -s 172.16.0.0/12 -j DROP
$IPTABLES -A in -i $INTERFACE -s 192.168.0.0/16 -j DROP
$IPTABLES -A in -i $INTERFACE -s 224.0.0.0/4 -j DROP
$IPTABLES -A in -i $INTERFACE -s 240.0.0.0/5 -j DROP
$IPTABLES -A in -i $INTERFACE -d 127.0.0.0/8 -j DROP
$IPTABLES -A in -i $INTERFACE -d $MYBCA -j DROP

_________________
The true guru is a teacher.
Neil Watson

Display posts from previous:

	Gentoo Forums Forum Index Networking & Security	All times are GMT
Page 1 of 1

Jump to:

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Copyright 2001-2025 Gentoo Foundation, Inc. Designed by Kyle Manna © 2003; Style derived from original subSilver theme. | Hosting by Gossamer Threads Inc. © | Powered by phpBB 2.0.23-gentoo-p11 © 2001, 2002 phpBB Group
Privacy Policy