Re: ZAPA: Re: [EXIM] IP spoofing

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Malcolm Ray
Dátum:  
Címzett: Marilyn Davis
CC: exim-users
Tárgy: Re: ZAPA: Re: [EXIM] IP spoofing
> My sysadmin tells me that the OS is a good place for it because the
> OS handles the TCP. And, he sets a parameter there for this. Am I
> making sense?


Yes. While there's nothing wrong with applications (like exim) dropping
source-routed traffic, a chain is only as strong as its weakest link, and
if the bad guys find that they can't disrupt your work using their preferred
method, they might try other methods: perhaps breaking into the system,
using IP spoofing to cover their tracks, and then injecting forged mail
locally. If your OS rejects source routing, then all your applications
are protected against that kind of IP spoofing.

You'd probably still want to take other steps, perhaps including setting
up some filtering rules using ipfwadm/ipchains, which would go some way to
making up for your lack of a firewall or boundary router under your control.
But that's beyond the scope of exim-users.

Stuff about ipfwadm for Linux 2.0:

http://www.xos.nl/linux/ipfwadm/

Stuff about ipchains for Linux 2.2:

http://www.rustcorp.com/linux/ipchains/

-- 
Malcolm Ray                           University of London Computer Centre




--
*** Exim information can be found at http://www.exim.org/ ***