On Fri, 22 Oct 2004, Ilya Konstantinov wrote:

> Herouth Maoz wrote:
>
> > What you are saying is basically that I should just ignore these
> > messages. This is annoying, though, because if someone attempts to
> > spoof an address (which is what the martian messages are meant to
> > reveal), I'll never be able to see the attempt through all the
> > background noise.
>
> On the PPP interface, you cannot detect spoofed messages with this
> method, since any IP coming from the Internet is legit.

but, assuming that on the ppp0 you have a "true" IP address (i.e. not in one of the private IP ranges), then you simply would place an iptables rule denying any incoming packets whose source address is in one of the 'private' IP ranges. again, _only_ on ppp0.

> On the ETH interface, the cable company's router (CMTS) protects you
> from spoofing by employing techniques like "source-verify":
> http://www.cisco.com/en/US/tech/tk86/tk803/technologies_tech_note09186a00800a7828.shtml

as i understand it, the only address on which you're supposed to talk over eth0, is your local modem's address (either via dhcp, or via pptp). nothing else is supposed to pass over your ethernet link. if this is true, you may block everything else _over eth1_, and be happy with it.

--
guy

"For world domination - press 1, or dial 0, and please hold, for the creator." -- nob o. dy
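The ppp0 rule suggested in the reply above, as an added example that is not part of the original message: it first checks the stated precondition (the interface address is not itself private) and then prints, without applying, one rate-limited LOG rule and one DROP rule per RFC 1918 range. The function names, the log prefix, the 5/min limit and the sample address 203.0.113.7 (a documentation address) are assumptions.

```shell
#!/bin/sh
# Added example: prints iptables rules for review; it does not apply them.

# RFC 1918 private ranges
PRIVATE_NETS="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16"

# is_private_ipv4 ADDR: 0 = private, 1 = not private, 2 = malformed
is_private_ipv4() {
    case "$1" in
        ''|*[!0-9.]*) return 2 ;;      # only digits and dots allowed
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                          # split into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 2
    case "$1" in
        10)  return 0 ;;
        172) [ "$2" -ge 16 ] && [ "$2" -le 31 ] && return 0 ;;
        192) [ "$2" = 168 ] && return 0 ;;
    esac
    return 1
}

# spoof_rules IFACE IFACE_ADDR: print LOG+DROP rules for private sources
# arriving on IFACE, but only when IFACE_ADDR is a public address.
spoof_rules() {
    iface=$1
    addr=$2
    if is_private_ipv4 "$addr"; then
        # Precondition from the message fails: private sources may be
        # legitimate on this link, so emit nothing.
        echo "refusing: $iface has private address $addr" >&2
        return 1
    else
        [ $? -eq 1 ] || { echo "malformed address: $addr" >&2; return 2; }
    fi
    for net in $PRIVATE_NETS; do
        # Rate-limited log keeps real attempts visible without flooding.
        echo "iptables -A INPUT -i $iface -s $net -m limit --limit 5/min -j LOG --log-prefix \"spoofed-src: \""
        echo "iptables -A INPUT -i $iface -s $net -j DROP"
    done
}

# Constructed sample: ppp0 holding a public (documentation) address.
spoof_rules ppp0 203.0.113.7
```
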