* William B. Herman ([EMAIL PROTECTED]) wrote:
> It seems that I have people who are trying to telnet into my machine. They
> seem to be either changing their ISP or spoofing their IP address. There is
> no reason these addresses should be telnetting into our machine. My guess is
> they are trying brute force to gain access. What is the best way to protect
> our system against such an attack?
>
> -Bill Herman
Defend yourself against ip spoofing thusly:
I have a script, /etc/rc.d/init.d/spoof_protect, containing the lines:
    #!/bin/sh
    #
    # spoof_protect: turn on reverse-path (source address) filtering
    # on every interface before the network is brought up.
    #
    # See how we were called.
    case "$1" in
      start)
        if [ -e /proc/sys/net/ipv4/conf/all/rp_filter ]; then
            echo -n "Setting up IP spoofing protection..."
            # Enable rp_filter on each interface entry, including all/default
            for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
                echo 1 > "$f"
            done
            echo "done."
        else
            # Kernel has no rp_filter support: stop the boot and warn
            echo "PROBLEMS SETTING UP IP SPOOFING PROTECTION. BE WORRIED."
            echo "CONTROL-D will exit from this shell and continue system startup."
            echo
            # Start a single user shell on the console
            /sbin/sulogin $CONSOLE
        fi
        ;;
      *)
        echo "Usage: spoof_protect {start}"
        exit 1
        ;;
    esac
    exit 0
I call it using a soft link in rc3.d and rc5.d, with a low number so
it's run before the network init.
For the rest, there's always ipchains.
Tom.
--
.-------------------------------------------------------.
.^. | Tom Gilbert, England | [EMAIL PROTECTED] |
/V\ |----------------------| www.tomgilbert.freeserve.co.uk |
// \\ | Sites I recommend: `--------------------------------|
/( )\ | www.freshmeat.net www.enlightenment.org slashdot.org |
^^-^^ `-------------------------------------------------------'
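
A check to go with the script above, added here as an example and not part of the original message: it reports the rp_filter value that actually applies on each interface, which the kernel takes as the larger of conf/all/rp_filter and the interface's own entry (0 = off, 1 = strict, 2 = loose on kernels that support it). The function names and the optional directory argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit reverse-path filtering per interface.
# conf_root defaults to the live /proc tree; pass another directory to test.

# Print "<iface> <effective>" for each interface, where effective is
# max(all, iface), the value the kernel applies on that interface.
rp_filter_effective() {
    conf_root=${1:-/proc/sys/net/ipv4/conf}
    all_file="$conf_root/all/rp_filter"
    if [ ! -r "$all_file" ]; then
        echo "rp_filter not available under $conf_root" >&2
        return 2
    fi
    all=$(cat "$all_file")
    for f in "$conf_root"/*/rp_filter; do
        iface=$(basename "$(dirname "$f")")
        # "all" and "default" are settings templates, not interfaces
        case "$iface" in all|default) continue ;; esac
        val=$(cat "$f")
        if [ "$all" -gt "$val" ]; then eff=$all; else eff=$val; fi
        echo "$iface $eff"
    done
}

# Return 0 if every interface validates source addresses (1 or 2),
# 1 if any interface is unprotected (names listed on stdout),
# 2 if the kernel exposes no rp_filter at all.
rp_filter_audit() {
    report=$(rp_filter_effective "$1") || return 2
    unprotected=$(echo "$report" | awk '$2 == 0 { print $1 }')
    if [ -n "$unprotected" ]; then
        echo "$unprotected"
        return 1
    fi
    return 0
}
```

Calling rp_filter_audit with no argument checks the running system; an interface created after boot takes its value from conf/default, so it is worth re-running after new interfaces appear.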