Outbound source address packet filtering has been used since the beginning of the DDOS attacks. However, it was only implemented by security gurus to identify a compromised machine on your local network. That is, simply denying the outbound traffic doesn't negate the fact that your machine has been compromised, therefore it's best to log any incident where the given rule has been violated on the router. Here's an example of this filter when applied to a Cisco router:
access-list ### permit ip ###.###.###.0 0.0.0.255 any
access-list ### deny ip any any log
In the above example, we are allowing a user-defined Class C subnet outbound. Therefore you will want to apply this rule to outbound traffic on your serial interface. Even though by default a Cisco IOS access-list has an implicit deny all rule following all list entries, you need to add this line in order to log all denied traffic. Once you identify which local host is sending spoofed outbound packets, you can then work on the oh-so-fun damage control. Hope this helps.
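The post leaves two practical steps to the reader: checking what the two-line ACL actually does to a given source address, and turning the resulting router log into a list of offending hosts. The script below is an added example written for this page, not code from the post or from Cisco. It assumes a permitted subnet of 192.0.2.0/24 standing in for the ###.###.###.0 in the post, and it parses log lines constructed in the style of the IOS `%SEC-6-IPACCESSLOGP` message. Note that a plain `log` entry only records the (spoofed) source address, which does not identify the internal machine; Cisco IOS extended ACLs also accept `log-input`, which adds the ingress interface and source MAC to the message, and the parser below picks those up when present.

```python
import ipaddress
import re
from collections import Counter

# Assumed value standing in for the ###.###.###.0 0.0.0.255 entry in the post.
PERMITTED_SUBNET = ipaddress.ip_network("192.0.2.0/24")


def egress_decision(src_ip: str) -> tuple[str, bool]:
    """Emulate the two-line ACL: permit sources inside the subnet,
    deny (and log) everything else. Returns (action, logged)."""
    if ipaddress.ip_address(src_ip) in PERMITTED_SUBNET:
        return ("permit", False)
    return ("deny", True)


# Matches the body of an IOS access-list log message for tcp/udp, with the
# optional "(interface mac)" field that `log-input` adds after the source.
LOG_RE = re.compile(
    r"list (?P<acl>\S+) denied (?P<proto>\w+) "
    r"(?P<src>[\d.]+)(?:\((?P<sport>\d+)\))? "
    r"(?:\((?P<ingress>[^)\s]+) (?P<mac>[^)\s]+)\) )?"
    r"-> (?P<dst>[\d.]+)(?:\((?P<dport>\d+)\))?, (?P<count>\d+) packets?"
)


def summarize_denials(lines):
    """Aggregate denied packet counts from ACL log lines.

    Returns two Counters: by spoofed source address (what a plain `log`
    entry gives you) and by (ingress interface, source MAC) when the
    router was configured with `log-input`, which is what actually points
    at the compromised local host."""
    by_spoofed_src = Counter()
    by_origin = Counter()
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue  # unrelated syslog line
        count = int(m.group("count"))
        by_spoofed_src[m.group("src")] += count
        if m.group("ingress") and m.group("mac"):
            by_origin[(m.group("ingress"), m.group("mac"))] += count
    return by_spoofed_src, by_origin


# Constructed sample log lines in the IOS message style (not real router output).
SAMPLE_LOG = [
    "%SEC-6-IPACCESSLOGP: list 101 denied tcp 10.0.0.5(1234) -> 203.0.113.9(80), 1 packet",
    "%SEC-6-IPACCESSLOGP: list 101 denied udp 172.16.4.4(53) (FastEthernet0/0 0000.0c12.3456) -> 203.0.113.9(53), 5 packets",
    "%SEC-6-IPACCESSLOGP: list 101 denied tcp 10.0.0.5(1235) (FastEthernet0/0 0000.0c12.3456) -> 203.0.113.9(80), 3 packets",
    "%SYS-5-CONFIG_I: Configured from console by console",
]


if __name__ == "__main__":
    for ip in ("192.0.2.7", "10.0.0.5"):
        print(ip, egress_decision(ip))
    spoofed, origins = summarize_denials(SAMPLE_LOG)
    print("denied packets by spoofed source:", dict(spoofed))
    print("denied packets by ingress interface/MAC:", dict(origins))
```

Run against the constructed lines, the spoofed-source view shows 10.0.0.5 and 172.16.4.4, neither of which is a real host on the LAN, while the `log-input` view collapses both to a single interface and MAC, which is the host you would then go and examine.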
Alan, most people when working on a seemingly never-ending project set a timeline of expectations or goals. Have you established a set timeline/priority for adding features to Linux, or do you just write code for whatever sounds interesting at any given time?