Firewall Wizards mailing list archives

RE: Re: Wayyy too many spoofed packets


From: Frank Knobbe <frank () knobbe us>
Date: Fri, 21 Nov 2003 22:16:09 -0600

On Fri, 2003-11-21 at 18:31, Bill Royds wrote:
As Frank said, your machine is sending broadcasts on both interfaces for
Samba.

-----Original Message-----
From: Chris de Vidal [mailto:chris () devidal tv] 
[...]
I shouldn't expect to see MY IP coming IN from the OUTSIDE.


I don't see two interfaces in the info you provided, I only see one,
eth0. There is no outside. What you see are packets being logged on that
eth0 interface OUTBOUND, meaning from your box to the network.

On most firewalls you can filter packets inbound and outbound. Inbound
and outbound doesn't necessarily mean inbound from the external NIC to
the internal NIC. Inbound here means from the network to the IP stack
(the box itself), and outbound means from the box's IP stack out to the
network.

You can configure netfilter to block all outbound (from the box to the
network) packets. This is typically the case with secure servers that
only answer requests. In your setup it seems that you don't allow
broadcast from your box to the network. All packets with a broadcast
destination seem to get filtered. Broadcasts that your box sends (like
NetBIOS name broadcasts).

Hope that made it a bit clearer.

Frank
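
The direction described in the message above is visible in the `IN=` and `OUT=` fields of a netfilter LOG line, so a log can be sorted into locally generated broadcasts and packets that really arrived from the network. The following is an added example, not part of the original post; the log lines, addresses, `DROP:` prefix and function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the kernel's netfilter LOG format. Addresses and the
# "DROP:" log prefix are made up for illustration.
SAMPLE_LOG = """\
Nov 21 18:02:11 fw kernel: DROP: IN= OUT=eth0 SRC=192.168.1.10 DST=192.168.1.255 LEN=78 TTL=64 PROTO=UDP SPT=137 DPT=137
Nov 21 18:02:15 fw kernel: DROP: IN= OUT=eth0 SRC=192.168.1.10 DST=192.168.1.255 LEN=229 TTL=64 PROTO=UDP SPT=138 DPT=138
Nov 21 18:03:40 fw kernel: DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.1.10 DST=192.168.1.10 LEN=60 TTL=63 PROTO=TCP SPT=4431 DPT=22
Nov 21 18:04:02 fw kernel: DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.9.8.7 DST=192.168.1.10 LEN=60 TTL=52 PROTO=TCP SPT=50122 DPT=23
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value pairs; value may be empty


def classify(line, local_ips, local_net):
    """Label one LOG line by direction relative to this host's IP stack."""
    f = dict(FIELD.findall(line))
    if "SRC" not in f or "DST" not in f:
        return "unparsed"
    in_if, out_if = f.get("IN", ""), f.get("OUT", "")
    net = ipaddress.ip_network(local_net)
    dst = ipaddress.ip_address(f["DST"])
    is_bcast = dst == net.broadcast_address or str(dst) == "255.255.255.255"
    if out_if and not in_if:
        # Empty IN=, set OUT=: generated by the local stack (OUTPUT chain),
        # so our own address as the source is expected, not spoofed.
        return "outbound-broadcast" if is_bcast else "outbound"
    if in_if and not out_if:
        # Set IN=, empty OUT=: arrived from the network (INPUT chain). Our own
        # address as the source here is what an anti-spoof rule looks for.
        return "inbound-own-source" if f["SRC"] in local_ips else "inbound"
    return "forwarded" if in_if and out_if else "unparsed"


def summarize(log, local_ips, local_net):
    """Count labels over a whole log (one LOG entry per line)."""
    return Counter(classify(l, local_ips, local_net)
                   for l in log.splitlines() if l.strip())


if __name__ == "__main__":
    counts = summarize(SAMPLE_LOG, {"192.168.1.10"}, "192.168.1.0/24")
    for label, n in counts.items():
        print(f"{n:3d}  {label}")
```
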
