From: Patrick McHardy <kaber@trash.net>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] iptables...
Date: Thu, 16 May 2002 12:52:27 +0000 [thread overview]
Message-ID: <marc-lartc-102155362214308@msgid-missing> (raw)
In-Reply-To: <marc-lartc-102154353007113@msgid-missing>
Mikko Lyly wrote:
> i know this proly does not belong in this list but if any one has an idea why i am geting this please tell!
>
> i keep geting this stuff to kernel logs
>
> Forged DCC command from 10.255.128.4: 62.71.235.143:10388
> Forged DCC command from 10.255.128.4: 62.71.235.143:10388
> Forged DCC command from 10.255.128.4: 62.71.235.143:10347
> Forged DCC command from 10.255.128.4: 62.71.235.143:10378
> Forged DCC command from 10.255.128.4: 62.71.235.143:10336
>
Hmm IIRC the reason is the remote site not masquerading proper.
DCC transfer requests contain the ip, so if the remote person is
masquerading his traffic but not also changing the ip contained in
the dcc request iptables refuses to accept the connection as related
because the two ips differ. The RELATED expectation is made by
the connection tracking helper which parses the dcc requests. If it
would accept it, it would allow 10.255.128.4 to connect to some port
on your system, so someone evil could easily cirumvent your packet
filter rules by sending forged dcc requests.
Bye,
Patrick
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
next prev parent reply other threads:[~2002-05-16 12:52 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-05-16 10:04 [LARTC] iptables Mikko Lyly
2002-05-16 12:52 ` Patrick McHardy [this message]
-- strict thread matches above, loose matches on Subject: below --
2001-01-23 12:59 Tom
2001-01-23 23:33 ` Wingtung.Leung
2001-11-06 7:34 ` vanitha
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=marc-lartc-102155362214308@msgid-missing \
--to=kaber@trash.net \
--cc=lartc@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox