incoming IP packet with local interface's IP as origin?

Post by Georg Schwa » Sun, 25 Aug 2002 06:37:54
How do today's UNIX systems' IP stacks react when receiving an IP packet
on an interface (say ethernet or PPP) when the packet's originating IP
address is the local interface's, i.e. the sender has faked the
originating IP address to be the one of the receiving interface on the
receiving host?
Do modern IP stacks automatically detect that the packet has been
spoofed and discard it, or will it take explicit local firewall rules to
get such a behavior?

--
Georg Schwarz    http://home.pages.de/~schwarz/


Post by those who know me have no need of my nam » Sun, 25 Aug 2002 09:30:26
in comp.security.unix i read:

>How do today's UNIX systems' IP stacks react when receiving an IP packet
>on an interface (say ethernet or PPP) when the packet's originating IP
>address is the local interface's, i.e. the sender has faked the
>originating IP address to be the one of the receiving interface on the
>receiving host?
>Do modern IP stacks automatically detect that the packet has been
>spoofed and discard it, or will it take explicit local firewall rules to
>get such a behavior?

irrespective of whether most hosts would dtrt (which i believe you will
find to be atypical) i'd suggest packet filters, at whatever appropriate
places, e.g., your border routers should not let anything in that has a
local ip address (nor anything out that doesn't), and should block martians
such as localhost (and perhaps even rfc1918 space) too.  i wouldn't
necessarily trust packet filters solely on the host, though i'd use them
too, being more a belt and suspenders sort of person.

--
bringing you boring signatures for 17 years

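The filter policy the reply sketches (drop inbound packets that claim a local source, drop outbound packets whose source is not local, drop martians such as loopback, and optionally RFC 1918 space), together with the host-side check the original question asks about (a packet whose source equals one of the receiving host's own addresses), written out as an added example. This is not code from the thread; it is a decision model that a border or host packet filter would enforce, not a packet filter itself. The local prefix 203.0.113.0/24, the interface addresses and the sample packets are constructed for illustration.

```python
"""Anti-spoofing ingress/egress classifier (added example, not from the thread).

Models the rules proposed in the reply above. Local prefixes, interface
addresses and sample packets are constructed values, not a real network.
"""
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List, Tuple

# Source addresses that must never arrive on (or leave through) a border
# interface: "this" network, loopback, link-local, multicast, reserved,
# limited broadcast. The reply calls these "martians".
MARTIANS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "224.0.0.0/4", "240.0.0.0/4", "255.255.255.255/32")]

# RFC 1918 private space; the reply suggests blocking it inbound "perhaps".
RFC1918 = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed: the site's own prefix (documentation range, not a real site).
LOCAL_NETS = [ipaddress.ip_network("203.0.113.0/24")]


@dataclass(frozen=True)
class Packet:
    direction: str   # "in": arriving from outside; "out": leaving the site
    src: str
    dst: str


def _in_any(addr, nets: Iterable) -> bool:
    return any(addr in net for net in nets)


def classify(pkt: Packet, local_nets: List, block_rfc1918: bool = True) -> Tuple[str, str]:
    """Return ("ACCEPT", "") or ("DROP", reason) for one packet at the border."""
    src = ipaddress.ip_address(pkt.src)
    if _in_any(src, MARTIANS):
        return "DROP", "martian source address"
    if pkt.direction == "in":
        # Ingress: nothing from outside may claim one of our own addresses.
        if _in_any(src, local_nets):
            return "DROP", "inbound packet with local source (spoofed)"
        if block_rfc1918 and _in_any(src, RFC1918):
            return "DROP", "inbound packet from RFC 1918 space"
    elif pkt.direction == "out":
        # Egress: nothing leaving may carry a source that is not ours.
        if not _in_any(src, local_nets):
            return "DROP", "outbound packet with non-local source"
    else:
        raise ValueError(f"unknown direction {pkt.direction!r}")
    return "ACCEPT", ""


def is_self_spoofed(src: str, interface_addrs: Iterable[str]) -> bool:
    """Host-side check: does the source equal one of this host's own addresses?

    This is the case the original question asks about; the reply's point is
    that one should not rely on the stack doing this and filter explicitly.
    """
    own = {ipaddress.ip_address(a) for a in interface_addrs}
    return ipaddress.ip_address(src) in own


def run(packets: Iterable[Packet], local_nets: List) -> List[Tuple[Packet, str, str]]:
    """Classify a batch of packets; returns (packet, verdict, reason) triples."""
    return [(p, *classify(p, local_nets)) for p in packets]


# Constructed sample traffic seen at the border of 203.0.113.0/24.
SAMPLE = [
    Packet("in", "203.0.113.7", "203.0.113.10"),    # claims our prefix: spoofed
    Packet("in", "127.0.0.1", "203.0.113.10"),      # loopback source: martian
    Packet("in", "10.1.2.3", "203.0.113.10"),       # RFC 1918 from outside
    Packet("in", "198.51.100.4", "203.0.113.10"),   # legitimate inbound
    Packet("out", "203.0.113.10", "198.51.100.4"),  # legitimate outbound
    Packet("out", "198.51.100.99", "198.51.100.4"), # non-local source leaving
]

if __name__ == "__main__":
    for pkt, verdict, reason in run(SAMPLE, LOCAL_NETS):
        print(f"{pkt.direction:>3} {pkt.src:>15} -> {pkt.dst:<15} {verdict:<6} {reason}")
    print("self-spoofed:", is_self_spoofed("203.0.113.10", ["203.0.113.10", "127.0.0.1"]))
```

The ingress rule is what catches the packet in the original question at the border (its source lies inside the local prefix), and `is_self_spoofed` is the narrower host-level version (source equals an address of the receiving host). Applying both, as the reply suggests, means a spoofed packet is dropped twice over if either filter is missing or misconfigured.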

ping -g 'gateway-IP' 'host-IP' DOESN'T work!

Hello guys,

I have a machine with two interfaces, each connected to
a gateway. These two gateways are then connected to a common
network and I want to ping another router in that network over
the two interfaces.

Looks like this:
                        Gateway 1
                           ----
               ------------|  |------------
              | Subnet A   ----            |
            ----
Machine    |  |                Subnet C   Router
            ----
              | Subnet B   ----            |
               ------------|  |------------
                           ----
                        Gateway 2

Now if I type the following on my machine it doesn't work:

ping -g 'IP in Subnet A of Gateway 1' 'Router-IP-address'

But if I do a ping without -g (the default gateway is 'IP in Subnet A of Gateway 1')
it works fine:

ping 'Router-IP-address'

Can someone give me a hint? Thanks in advance!

Cheers, Walter
