From mboxrd@z Thu Jan 1 00:00:00 1970
From: James Turnbull
Subject: Re: SSH allow only form selected IP'
Date: Mon, 16 Aug 2004 21:23:49 +1000
Sender: linux-admin-owner@vger.kernel.org
Message-ID: <41209945.40205@lovedthanlost.net>
References: <1066.66.189.78.234.1092484339.squirrel@srv01.scriptgods.com> <411F5E12.6000608@lovedthanlost.net> <1216.66.189.78.234.1092581976.squirrel@srv01.scriptgods.com>
In-Reply-To: <1216.66.189.78.234.1092581976.squirrel@srv01.scriptgods.com>
To: luke@techfreak.org
Cc: linux-admin@vger.kernel.org

luke@techfreak.org wrote:

>I'm definitely not a firewall expert, but isn't it also possible to get around
>IPchains using IP spoofing? From what I know ipchains is only
>protected against spoofing by using source address verification.
>
>Or am I way off?
>
>Luke

A little off. :) Yes, you can spoof iptables but not nearly as easily as
hosts.allow can be spoofed. Hosts.allow's verification procedures are
considerably less sophisticated than those of iptables.

Regards

James

P.S. Generally Ipchains has been replaced by Iptables.