localhost -> localhost?

Post by Aaron Lehman » Sun, 14 Jan 2001 13:24:39



I noticed recently that I was getting a lot of stuff from 127.0.0.1:>1024
to 127.0.0.1:imap and 127.0.0.1:ssh.  Is this some kind of odd
scan/exploit?  What would it gain?

I've currently got all localhost stuff DENIED, in case it is, but I
imagine that will play havoc with something....  Will it?

Aaron Lehmann


localhost -> localhost?

Post by Scott Nold » Sun, 14 Jan 2001 14:14:46



> I noticed recently that I was getting a lot of stuff from 127.0.0.1:>1024
> to 127.0.0.1:imap and 127.0.0.1:ssh.  Is this some kind of odd
> scan/exploit?  What would it gain?

> I've currently got all localhost stuff DENIED, in case it is, but I
> imagine that will play havoc with something....  Will it?

> Aaron Lehmann

Get yourself a custom built firewall (and check for misspellings) from:
http://www.linux-firewall-tools.com

The author has a book which is an excellent read on IPCHAINS.  However,
if you're using kernel-2.4.0+ this will not mean anything to you unless
you compiled in ipchains support.

However, I think you'll find in the ipchains script the means to protect
your box (and us) from spoof attacks and much, much more.

- Scott

--
Never do Windows again with  |  Scott M. Nolde

glaze!                       |  
12:10am up 1 day, 6:15, 2 users, load average: 1.12, 1.15, 1.09


localhost -> localhost?

Post by Aaron Lehman » Sun, 14 Jan 2001 14:24:25




> > I noticed recently that I was getting a lot of stuff from 127.0.0.1:>1024
> > to 127.0.0.1:imap and 127.0.0.1:ssh.  Is this some kind of odd
> > scan/exploit?  What would it gain?

> > I've currently got all localhost stuff DENIED, in case it is, but I
> > imagine that will play havoc with something....  Will it?

> > Aaron Lehmann

> Get yourself a custom built firewall (and check for misspellings) from:
> http://www.linux-firewall-tools.com

> The author has a book which is an excellent read on IPCHAINS.  However,
> if you're using kernel-2.4.0+ this will not mean anything to you unless
> you compiled in ipchains support.

> However, I think you'll find in the ipchains script the means to protect
> your box (and us) from spoof attacks and much, much more.

> - Scott

> --
> Never do Windows again with  |  Scott M. Nolde

> glaze!                       |
> 12:10am up 1 day, 6:15, 2 users, load average: 1.12, 1.15, 1.09

I'm using Ipchains...  However, I was accepting everything from interface
127.0.0.1, on the assumption that the interface was a hardware thing, and
thus, unspoofable.  Evidently not...  Is there any way that I can set it up
to accept loopback traffic that only COMES from the loopback?

Aaron Lehmann


localhost -> localhost?

Post by Tim Hayne » Sun, 14 Jan 2001 20:50:30


[snip]

> I'm using Ipchains...  However, I was accepting everything from interface
> 127.0.0.1, on the assumption that the interface was a hardware thing, and
> thus, unspoofable.  Evidently not...  Is there any way that I can set it up
> to accept loopback traffic that only COMES from the loopback?

These are the necessary and sufficient rules for dealing with loopback:

  # ipchains -I input -i lo -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
  # ipchains -I input -i lo -s 127.0.0.1 -d `hostname` -j ACCEPT -b

Anything else appearing in your drop-through catch-all--deny-and-log rule
is a cause for concern. Try again :8)

~Tim
--

How to get to Sesame Street?                    |http://piglet.is.dreaming.org
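The two rules above, written out as a small script together with the complementary anti-spoofing rule they imply. This is an added example, not code from Tim's post: it keys trust on the interface (`-i lo`) rather than on the 127.0.0.1 address, and logs and drops anything carrying a loopback address that arrives on any other interface. HOST_IP stands in for whatever `hostname` resolves to on your box (192.0.2.10 is a documentation placeholder), and IPCHAINS defaults to `echo` so the script only prints the rules until you run it with IPCHAINS=/sbin/ipchains.

```shell
#!/bin/sh
# Added example (not from the original thread): ipchains loopback rules plus
# an anti-spoofing rule for 127.0.0.0/8 arriving on any interface other than lo.
# Assumptions: HOST_IP is the address your hostname resolves to (what Tim's
# `hostname` produces); 192.0.2.10 is a documentation placeholder. IPCHAINS
# defaults to "echo" so the script only prints the rules; run it as
#   IPCHAINS=/sbin/ipchains sh loopback-rules.sh
# on a 2.2 kernel (or a 2.4 kernel built with ipchains compatibility) to apply.

IPCHAINS="${IPCHAINS:-echo}"
HOST_IP="${HOST_IP:-192.0.2.10}"

install_loopback_rules() {
    # 1. Loopback-to-loopback traffic seen on the lo interface itself.
    $IPCHAINS -I input -i lo -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
    # 2. Local processes talking to the host's own primary address: the kernel
    #    still routes these over lo, so match on -i lo; -b adds the reverse rule.
    $IPCHAINS -I input -i lo -s 127.0.0.1 -d "$HOST_IP" -j ACCEPT -b
    # 3. A loopback address in a packet that did NOT arrive on lo is forged.
    #    Log (-l) and silently drop (DENY). This is what makes the interface,
    #    not the 127.0.0.1 address, the trust boundary.
    $IPCHAINS -I input -i ! lo -s 127.0.0.0/8 -j DENY -l
    $IPCHAINS -I input -i ! lo -d 127.0.0.0/8 -j DENY -l
}

install_loopback_rules
```

Because `-I` inserts at the head of the chain, the last rule issued ends up first; that is harmless here since the `-i lo` and `-i ! lo` rules cannot match the same packet. Keep the catch-all deny-and-log at the bottom of the input chain, as Tim says: anything that still shows up there is worth a look.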


localhost -> localhost?

Post by Aaron Lehman » Mon, 15 Jan 2001 00:17:02




> [snip]
> > I'm using Ipchains...  However, I was accepting everything from interface
> > 127.0.0.1, on the assumption that the interface was a hardware thing, and
> > thus, unspoofable.  Evidently not...  Is there any way that I can set it up
> > to accept loopback traffic that only COMES from the loopback?

> These are the necessary and sufficient rules for dealing with loopback:

>   # ipchains -I input -i lo -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
>   # ipchains -I input -i lo -s 127.0.0.1 -d `hostname` -j ACCEPT -b

Where hostname is my outside address?
Aaron Lehmann

localhost -> localhost?

Post by elle.. » Mon, 15 Jan 2001 00:41:24



> I noticed recently that I was getting a lot of stuff from 127.0.0.1:>1024
> to 127.0.0.1:imap and 127.0.0.1:ssh.  Is this some kind of odd
> scan/exploit?  What would it gain?

Well, do you read local mail via imap or ssh to yourself? ;)

With just those two ports, it looks to me like it may be someone's
.forward or some other bizarre mail scenario. Try checking the mail
and cron logs.

And, to answer your later question, rp_filter should catch any
"imposter" localhost packets by default.

--

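A quick way to act on the advice above before touching the rule set: look at the interface in the ipchains log lines, not just the addresses. A 127.x source on `lo` is a local process (mail, cron, a client talking to its own imap or sshd); the same source on `eth0` is a forged packet that rp_filter or an interface-keyed rule should have stopped. The triage below is an added example, not part of elle's post; the log lines are constructed in the kernel's `Packet log:` format with placeholder host names and addresses.

```shell
#!/bin/sh
# Added example (not from the original thread): classify ipchains "Packet log:"
# lines by whether a 127.0.0.0/8 source was seen on lo (a local process) or on
# some other interface (forged). Reads syslog-style lines on stdin; the syslog
# prefix length does not matter because the parser anchors on the "log:" token.
triage_loopback_log() {
    awk '
    /Packet log:/ {
        for (i = 1; i <= NF; i++) if ($i == "log:") break
        chain  = $(i+1); target = $(i+2); iface = $(i+3)
        # $(i+5) is src:sport, $(i+6) is dst:dport
        split($(i+5), s, ":"); split($(i+6), d, ":")
        src = s[1]; dst = d[1]; dport = d[2]
        if (src ~ /^127\./) {
            if (iface == "lo") { n_local++; kind = "local" }
            else               { n_spoof++; kind = "SPOOFED" }
            printf "%-7s iface=%s %s -> %s:%s (%s %s)\n",
                   kind, iface, src, dst, dport, chain, target
        }
    }
    END { printf "local=%d spoofed=%d\n", n_local, n_spoof }'
}

# Constructed sample: two local imap/ssh connections that a blanket
# "deny everything from 127.0.0.1" rule logged, one forged loopback packet on
# eth0, and one unrelated scan. "box", 192.0.2.10 and 203.0.113.5 are placeholders.
SAMPLE_LOG='Jan 14 13:20:01 box kernel: Packet log: input DENY lo PROTO=6 127.0.0.1:1031 127.0.0.1:143 L=60 S=0x00 I=1 F=0x4000 T=64 SYN (#9)
Jan 14 13:20:03 box kernel: Packet log: input DENY lo PROTO=6 127.0.0.1:1032 127.0.0.1:22 L=60 S=0x00 I=2 F=0x4000 T=64 SYN (#9)
Jan 14 13:21:10 box kernel: Packet log: input DENY eth0 PROTO=6 127.0.0.1:40000 192.0.2.10:22 L=60 S=0x00 I=3 F=0x4000 T=64 SYN (#9)
Jan 14 13:21:11 box kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.5:40001 192.0.2.10:22 L=60 S=0x00 I=4 F=0x4000 T=64 SYN (#9)'

loopback_summary() {
    # Returns the trailing "local=N spoofed=M" line for the sample log.
    printf '%s\n' "$SAMPLE_LOG" | triage_loopback_log | tail -n 1
}

# Stand-alone run; on a real box: grep 'Packet log' /var/log/messages | triage_loopback_log
printf '%s\n' "$SAMPLE_LOG" | triage_loopback_log
```

If the only hits are on `lo`, the traffic is your own daemons and the fix is to accept loopback on the interface rather than deny it. Anything flagged SPOOFED deserves a check of `/proc/sys/net/ipv4/conf/all/rp_filter` (1 means reverse-path filtering is on) and of the rule that let it in.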

localhost -> localhost?

Post by Tim Hayne » Mon, 15 Jan 2001 07:34:23



> > These are the necessary and sufficient rules for dealing with loopback:

> >   # ipchains -I input -i lo -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
> >   # ipchains -I input -i lo -s 127.0.0.1 -d `hostname` -j ACCEPT -b

> Where hostname is my outside address?

No, `hostname' is a command and `hostname` its output. It's whatever IP#
the resolver returns for your hostname, normally what's located in
/etc/hosts. It's your primary interface address, typically.

~Tim
--
  10:31pm  up 20 days, 44 min, 13 users,  load average: 0.00, 0.02, 0.00

http://piglet.is.dreaming.org |(seen mid-windows 98 installation)

