From mboxrd@z Thu Jan  1 00:00:00 1970
From: "Shaun T. Erickson" <ste@smxy.org>
Subject: Re: incoming interface confusion question
Date: Mon, 21 Jun 2004 15:28:54 -0400
Sender: netfilter-admin@lists.netfilter.org
Message-ID: <40D736F6.50405@smxy.org>
References: <40D71EC4.7090900@smxy.org>
Reply-To: ste@smxy.org
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Return-path: <netfilter-admin@lists.netfilter.org>
In-Reply-To: <40D71EC4.7090900@smxy.org>
Errors-To: netfilter-admin@lists.netfilter.org
List-Help: <mailto:netfilter-request@lists.netfilter.org?subject=help>
List-Post: <mailto:netfilter@lists.netfilter.org>
List-Subscribe: <https://lists.netfilter.org/mailman/listinfo/netfilter>,
	<mailto:netfilter-request@lists.netfilter.org?subject=subscribe>
List-Id: <netfilter.vger.kernel.org>
List-Unsubscribe: <https://lists.netfilter.org/mailman/listinfo/netfilter>,
	<mailto:netfilter-request@lists.netfilter.org?subject=unsubscribe>
List-Archive: <https://lists.netfilter.org/pipermail/netfilter/>
Content-Type: text/plain; charset="us-ascii"; format="flowed"
To: netfilter@lists.netfilter.org

Shaun T. Erickson wrote:

> Are there any cases where iptables can be confused about what interface 
> a packet came in on? Can a packet arriving on interface A ever be 
> reported as arriving on interface B?
> 
> I had an incident this weekend, and am trying to be certain that the 
> packets came in the interface my system said it did. It's a Red Hat 9 
> system, running their stock 2.4.20-8 kernel.

Please, can anyone answer this for me? I'm trying to prove or disprove a 
theory that would explain an apparent intrusion incident over the 
weekend. It's very important that I know the definitive answer to this. 
Thanks.

	-ste