sslug-teknik team mailing list archive

Thread
Date

Re: echo "1" >/proc/sys/net/ipv4/tcp_syncookies

To: sslug-teknik@xxxxxxxx
From: Hanne Munkholm <hm@xxxxxxx>
Date: Thu, 22 Nov 2001 10:25:45 +0100
Delivered-to: mailing list sslug-teknik@xxxxxxxx
Mailing-list: contact sslug-teknik-help@xxxxxxxx; run by ezmlm
Newsgroups: sslug.teknik
Organization: SSLUG

"Henrik Størner" wrote:
> 
> In <3BFABF20.D382ED2B@xxxxxxxxxxx> Hanne Munkholm <hanne@xxxxxxxxxxx> writes:
> 
> >(Det er ikke forskellen jeg vil have forklaret, men hvor jeg skal lede
> >efter info om den slags.)
> 
> Documentation/networking/ip-sysctl.txt i en nyere kernel-source.

Ja, men der er ikke forklaringer som i proc.txt filen. Eks:

"rp_filter
---------

Integer value determines if a source validation should be made. 1
means yes, 0 means no. Disabled by default, but local/broadcast
address spoofing is always on.

If you  set this to 1 on a router that is the only connection for a
network to the net,  it  will  prevent  spoofing  attacks  against
your internal networks (external addresses  can  still  be  spoofed),
without the need for additional firewall rules."

I øvrigt vil jeg gerne være sikker på at jeg forstår det rigtigt:
Giver rp_filter nogen mening for en "stand alone" server der kun er
firewall for sig selv? Er det kun et bagvedliggende netværk den kan
beskytte? Kigger den "bare" på om pakkerne kommer fra det interface
den forventer? 

-- 
Hanne Munkholm         hm@xxxxxxx
Leder af LinuxLab      http://LinuxLab.dk

Price is what you pay. Value is what you get. --Warren Buffet

Follow ups

Re: echo "1" >/proc/sys/net/ipv4/tcp_syncookies
From: Mogens Valentin, 2001-11-22
Re: echo "1" >/proc/sys/net/ipv4/tcp_syncookies
From: Jesper Lund, 2001-11-22

References

echo "1" >/proc/sys/net/ipv4/tcp_syncookies
From: Hanne Munkholm, 2001-11-20
Re: echo "1" >/proc/sys/net/ipv4/tcp_syncookies
From: Henrik St�, 2001-11-21