From mboxrd@z Thu Jan 1 00:00:00 1970 From: "John A. Sullivan III" Subject: Re: incoming interface confusion question Date: Mon, 21 Jun 2004 16:18:59 -0400 Sender: netfilter-admin@lists.netfilter.org Message-ID: <1087849139.17067.25.camel@localhost> References: <40D71EC4.7090900@smxy.org> <40D736F6.50405@smxy.org> Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <40D736F6.50405@smxy.org> Errors-To: netfilter-admin@lists.netfilter.org List-Help: List-Post: List-Subscribe: , List-Id: List-Unsubscribe: , List-Archive: Content-Type: text/plain; charset="us-ascii" To: ste@smxy.org Cc: netfilter@lists.netfilter.org On Mon, 2004-06-21 at 15:28, Shaun T. Erickson wrote: > Shaun T. Erickson wrote: > > > Are there any cases where iptables can be confused about what interface > > a packet came in on? Can a packet arriving on interface A ever be > > reported as arriving on interface B? > > > > I had an incident this weekend, and am trying to be certain that the > > packets came in the interface my system said it did. It's a Red Hat 9 > > system, running their stock 2.4.20-8 kernel. > > Please, can anyone answer this for me? I'm trying to prove or disprove a > theory that would explain an apparent intrusion incident over the > weekend. It's very important that I know the definitive answer to this. > Thanks. > > -ste I have never experienced it but I'm sure there are others more experienced than I on this list - John -- John A. Sullivan III Chief Technology Officer Nexus Management +1 207-985-7880 john.sullivan@nexusmgmt.com --- If you are interested in helping to develop a GPL enterprise class VPN/Firewall/Security device management console, please visit http://iscs.sourceforge.net