Firewall Wizards mailing list archives
RE: Re: Wayyy too many spoofed packets
From: Frank Knobbe <frank () knobbe us>
Date: Fri, 21 Nov 2003 22:16:09 -0600
On Fri, 2003-11-21 at 18:31, Bill Royds wrote:
As Frank said, you machine is sending broadcasts on both interfaces for Samba.
-----Original Message----- From: Chris de Vidal [mailto:chris () devidal tv] [...] I shouldn't expect to see MY IP coming IN from the OUTSIDE.
I don't see two interfaces in the info you provided, I only see one, eth0. There is no outside. What you see are packets being logged on that eth0 interface OUTBOUND, meaning from your box to the network. On most firewalls you can filter packets inbound and outbound. Inbound and outbound doesn't necessarily mean inbound from the external NIC to the internal NIC. Inbound here means from the network to the IP stack (the box itself), and outbound means from the box' IP stack out to the network. You can configure netfilter to block all outbound (from the box to the network) packets. This is typically the case with secure servers that only answer requests. In your setup it seems that you don't allow broadcast from your box to the network. All packets with a broadcast destination seem to get filtered. Broadcasts that your box sends (like NetBIOS name broadcasts). Hope that made it a bit clearer. Frank
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- Wayyy too many spoofed packets Chris de Vidal (Nov 21)
- Re: Wayyy too many spoofed packets Paul Robertson (Nov 21)
- Re: Wayyy too many spoofed packets Chris de Vidal (Nov 23)
- Message not available
- RE: Wayyy too many spoofed packets Chris de Vidal (Nov 21)
- Re: Wayyy too many spoofed packets Paul Robertson (Nov 21)
- Re: Wayyy too many spoofed packets Mikael Olsson (Nov 21)
- <Possible follow-ups>
- Re: Wayyy too many spoofed packets Chris de Vidal (Nov 21)
- Re: Wayyy too many spoofed packets Frank Knobbe (Nov 21)
- RE: Re: Wayyy too many spoofed packets Bill Royds (Nov 21)
- RE: Re: Wayyy too many spoofed packets Frank Knobbe (Nov 23)
- RE: Re: Wayyy too many spoofed packets Chris de Vidal (Nov 23)
- RE: Re: Wayyy too many spoofed packets Frank Knobbe (Nov 23)
- RE: Re: Wayyy too many spoofed packets Frank Knobbe (Nov 23)
- RE: Re: Wayyy too many spoofed packets Daniel Linder (Nov 25)
- RE: Re: Wayyy too many spoofed packets Chris de Vidal (Nov 25)