fre, 28.05.2004 kl. 19.19 skrev Vadim Kurland:
> On May 28, 2004, at 9:43 AM, Bjørn Rasmussen wrote:
> >>> Only appears on the interface local to the source. On my
> >>> LAN-interface
> >>> I get this from tcpdump -i <LAN-interface>
> >>> 12:44:06.782735 127.0.0.1 > 192.168.10.1: icmp: echo request
> >>> 12:44:06.783250 127.0.0.1.62535 > 192.168.10.1.http: . ack 2481567855
> >>> win 1024 .....
> >>> when using "nmap -e <LAN-interface of nmap-client> -S 127.0.0.1
> >>> <LAN-ip
> >>> of firewall>".
> >> just to make sure, what machine do you run nmap on ?
> > Since you asked, I tried this on a FC1 client, without luck! It works
> > from an old SuSE 7.0 box (I don't recall the version of nmap). I'll
> > try
> > to find other methods to spoof the localhost address.
Well, nmap works from the FC1 client as well, I just forgot to turn off
the firewall on this client :-(
> I looked at your rules. You only have anti-spoofing rules on interface
> 'isdn', but in your testing with nmap you send spoofed packets from
> another box on the LAN. This means packets arrive on interface eth0
> rather than on isdn, but you do not have anti-spoofing rules on eth0.
> That is why spoofed packets are not blocked.
Sorry, I should have told you, these are my ordinary rules, not the
rules I used for testing. For the testing, I copied the spoofing rules
from my isdn interface to my local interface. Anyway, packets with
source address 127.0.0.1 are still not blocked by the rules I sent you,
and the origin is the Internet.
> This SF.Net email is sponsored by: Oracle 10g
> Get certified on the hottest thing ever to hit the market... Oracle 10g.
> Take an Oracle 10g class now, and we'll give you the exam FREE.
> Fwbuilder-discussion mailing list
Firma: Bjørn Rasmussen Nettverkstjenester
Linux: RHCE (Red Hat Certified Engineer)
Windows NT 4.0: MCSE (Microsoft Certified System Engineer)
Adr: Moneheia 47, 4656 Kristiansand
Tlf: 38 04 09 55
Mbl: 911 27367