From: "Gastón Franco" <gfranco@arcert.gov.ar>
To: deff <deff@sadomain.co.za>
Cc: netfilter@lists.netfilter.org
Subject: Re: Spoofed ip's
Date: Tue, 11 Feb 2003 16:22:50 -0300 [thread overview]
Message-ID: <3E494D8A.10815735@arcert.gov.ar> (raw)
In-Reply-To: 1044948351.23287.11.camel@filth.sadomain.co.za
Hi .!
The list of networks reserved by IANA.
can be found at:
http://www.iana.org/assignments/ipv4-address-space
( for additional information see RFC3330 )
deff wrote:
> Hello everyone.
>
> I set up a firewall that filters out, logs, and drops packets
> originating from spoofed ip addresses.
>
> The definition here of a spoofed ip is :
> a) A non-routable ip
> b) A ip thats not destined for us ( shouldn't get past router anyway )
> c) A local ip
> d) the loop back ip
>
> Originally the firewall only filtered 172.16.0.0/12, 192.168.0.0/16,
> 10.0.0.0/8 and 127.0.0.1 addresses.
>
> Then i took a look at Firestarter's iptables script and saw that it also
> filters out other addresses.
>
> Could anyone please check the rules below and tell me if the the source
> ip'ss are valid. I'm seeing an incredible amount of these ip's
> attempting to get through .
>
> To me it looks like i'm blocking out the whole internet, but that makes
> me wonder why firestarter does it .
>
> thanks ,
> Cillié
>
> ______________________CUT____________________________
>
> iptables --append spoofed_ip --source 1.0.0.0/8 --jump spoof_log
> iptables --append spoofed_ip --source 2.0.0.0/8 --jump spoof_log
> iptables --append spoofed_ip --source 5.0.0.0/8 --jump spoof_log
> iptables --append spoofed_ip --source 7.0.0.0/8 --jump spoof_log
> iptables --append spoofed_ip --source 23.0.0.0/8 --jump spoof_log
> iptables --append spoofed_ip --source 27.0.0.0/8 --jump spoof_log
> iptables --append spoofed_ip --source 31.0.0.0/8 --jump spoof_log
> iptables --append spoofed_ip --source 36.0.0.0/8 --jump spoof_log
> iptables --append spoofed_ip --source 37.0.0.0/8 --jump spoof_log
> iptables --append spoofed_ip --source 39.0.0.0/8 --jump spoof_log
> iptables --append spoofed_ip --source 41.0.0.0/8 --jump spoof_log
> iptables --append spoofed_ip --source 42.0.0.0/8 --jump spoof_log
> iptables --append spoofed_ip --source 58.0.0.0/8 --jump spoof_log
> iptables --append spoofed_ip --source 59.0.0.0/8 --jump spoof_log
> iptables --append spoofed_ip --source 60.0.0.0/8 --jump spoof_log
> iptables --append spoofed_ip --source 69.0.0.0/8 --jump spoof_log
> iptables --append spoofed_ip --source 70.0.0.0/8 --jump spoof_log
> iptables --append spoofed_ip --source 72.0.0.0/8 --jump spoof_log
> iptables --append spoofed_ip --source 73.0.0.0/8 --jump spoof_log
> iptables --append spoofed_ip --source 74.0.0.0/8 --jump spoof_log
> iptables --append spoofed_ip --source 75.0.0.0/8 --jump spoof_log
> iptables --append spoofed_ip --source 76.0.0.0/8 --jump spoof_log
> iptables --append spoofed_ip --source 77.0.0.0/8 --jump spoof_log
> iptables --append spoofed_ip --source 78.0.0.0/8 --jump spoof_log
> iptables --append spoofed_ip --source 79.0.0.0/8 --jump spoof_log
> iptables --append spoofed_ip --source 82.0.0.0/8 --jump spoof_log
> iptables --append spoofed_ip --source 83.0.0.0/8 --jump spoof_log
> iptables --append spoofed_ip --source 84.0.0.0/8 --jump spoof_log
> iptables --append spoofed_ip --source 85.0.0.0/8 --jump spoof_log
> iptables --append spoofed_ip --source 86.0.0.0/8 --jump spoof_log
> iptables --append spoofed_ip --source 87.0.0.0/8 --jump spoof_log
> iptables --append spoofed_ip --source 89.0.0.0/8 --jump spoof_log
> iptables --append spoofed_ip --source 90.0.0.0/8 --jump spoof_log
> iptables --append spoofed_ip --source 91.0.0.0/8 --jump spoof_log
> iptables --append spoofed_ip --source 92.0.0.0/8 --jump spoof_log
> iptables --append spoofed_ip --source 93.0.0.0/8 --jump spoof_log
> iptables --append spoofed_ip --source 94.0.0.0/8 --jump spoof_log
> iptables --append spoofed_ip --source 95.0.0.0/8 --jump spoof_log
> iptables --append spoofed_ip --source 96.0.0.0/8 --jump spoof_log
> iptables --append spoofed_ip --source 97.0.0.0/8 --jump spoof_log
> iptables --append spoofed_ip --source 98.0.0.0/8 --jump spoof_log
> iptables --append spoofed_ip --source 99.0.0.0/8 --jump spoof_log
> iptables --append spoofed_ip --source 100.0.0.0/8 --jump spoof_log
> iptables --append spoofed_ip --source 101.0.0.0/8 --jump spoof_log
> iptables --append spoofed_ip --source 102.0.0.0/8 --jump spoof_log
> iptables --append spoofed_ip --source 103.0.0.0/8 --jump spoof_log
> iptables --append spoofed_ip --source 104.0.0.0/8 --jump spoof_log
> iptables --append spoofed_ip --source 105.0.0.0/8 --jump spoof_log
> iptables --append spoofed_ip --source 106.0.0.0/8 --jump spoof_log
> iptables --append spoofed_ip --source 107.0.0.0/8 --jump spoof_log
> iptables --append spoofed_ip --source 108.0.0.0/8 --jump spoof_log
> iptables --append spoofed_ip --source 109.0.0.0/8 --jump spoof_log
> iptables --append spoofed_ip --source 110.0.0.0/8 --jump spoof_log
> iptables --append spoofed_ip --source 111.0.0.0/8 --jump spoof_log
> iptables --append spoofed_ip --source 112.0.0.0/8 --jump spoof_log
> iptables --append spoofed_ip --source 113.0.0.0/8 --jump spoof_log
> iptables --append spoofed_ip --source 114.0.0.0/8 --jump spoof_log
> iptables --append spoofed_ip --source 115.0.0.0/8 --jump spoof_log
> iptables --append spoofed_ip --source 116.0.0.0/8 --jump spoof_log
> iptables --append spoofed_ip --source 117.0.0.0/8 --jump spoof_log
> iptables --append spoofed_ip --source 118.0.0.0/8 --jump spoof_log
> iptables --append spoofed_ip --source 119.0.0.0/8 --jump spoof_log
> iptables --append spoofed_ip --source 120.0.0.0/8 --jump spoof_log
> iptables --append spoofed_ip --source 121.0.0.0/8 --jump spoof_log
> iptables --append spoofed_ip --source 122.0.0.0/8 --jump spoof_log
> iptables --append spoofed_ip --source 123.0.0.0/8 --jump spoof_log
> iptables --append spoofed_ip --source 124.0.0.0/8 --jump spoof_log
> iptables --append spoofed_ip --source 125.0.0.0/8 --jump spoof_log
> iptables --append spoofed_ip --source 126.0.0.0/8 --jump spoof_log
> iptables --append spoofed_ip --source 128.0.0.0/8 --jump spoof_log
> iptables --append spoofed_ip --source 128.66.0.0/16 --jump spoof_log
> iptables --append spoofed_ip --source 192.168.0.0/16 --jump spoof_log
> iptables --append spoofed_ip --source 172.16.0.0/12 --jump spoof_log
> iptables --append spoofed_ip --source 221.0.0.0/8 --jump spoof_log
> iptables --append spoofed_ip --source 197.0.0.0/8 --jump spoof_log
> iptables --append spoofed_ip --source 222.0.0.0/8 --jump spoof_log
> iptables --append spoofed_ip --source 223.0.0.0/8 --jump spoof_log
> iptables --append spoofed_ip --source 240.0.0.0/4 --jump spoof_log
>
> ______________________CUT___________________________
--
---------------------------------------------------------
ArCERT
Te:(54-11) 43439001 int.514 Fax:(54-11) 4343-7458
e-mail: gfranco@arcert.gov.ar http://www.arcert.gov.ar
Av.R. Saenz Peña 511 Of 514 Cap.Fed. - Argentina
---------------------------------------------------------
next prev parent reply other threads:[~2003-02-11 19:22 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-02-11 7:25 Spoofed ip's deff
2003-02-11 15:56 ` uniplex
2003-02-12 1:28 ` Arnt Karlsen
2003-02-12 8:51 ` Adam D. Barratt
2003-02-11 17:09 ` Athan
2003-02-11 19:22 ` Gastón Franco [this message]
2003-02-12 8:56 ` Adam D. Barratt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3E494D8A.10815735@arcert.gov.ar \
--to=gfranco@arcert.gov.ar \
--cc=deff@sadomain.co.za \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox