You Are Here: Home » Hacking » Firewall » Linux Iptables Avoid IP Spoofing And Bad Addresses Attacks

Linux Iptables Avoid IP Spoofing And Bad Addresses Attacks

Spoofing and bad address attack tries to fool the server and try to claim that packets had come from local address/network.

Following IP/netwok address are know to open this kind of attack:

Incoming source IP address is your servers IP address

Bad incoming address from following ranges:

  • 0.0.0.0/8
  • 127.0.0.0/8
  • 10.0.0.0/8
  • 172.16.0.0/12
  • 192.168.0.0/16
  • 192.168.0.0/16
  • 224.0.0.0/3
  • Your own internal server/network ip address/ranges.

Following small shell script tries to prevent this kind of attacks:

#!/bin/bash
 
INT_IF="eth1" # connected to internet 
SERVER_IP="202.54.10.20" # server IP
LAN_RANGE="192.168.1.0/24" # your LAN IP range 
 
# Add your spoofed IP range/IPs here
SPOOF_IPS="0.0.0.0/8 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 224.0.0.0/3"
 
IPT="/sbin/iptables" # path to iptables
 
# default action, can be DROP or REJECT 
ACTION="DROP"
 
# Drop packet that claiming from our own server on WAN port
$IPT -A INPUT -i $INT_IF -s $SERVER_IP -j $ACTION
$IPT -A OUTPUT -o $INT_IF -s $SERVER_IP -j $ACTION
 
# Drop packet that claiming from our own internal LAN on WAN port
$IPT -A INPUT -i $INT_IF -s $LAN_RANGE -j $ACTION
$IPT -A OUTPUT -o $INT_IF -s $LAN_RANGE -j $ACTION
 
## Drop all spoofed 
for ip in $SPOOF_IPS
do
 $IPT -A INPUT -i $INT_IF -s $ip -j $ACTION
 $IPT -A OUTPUT -o $INT_IF -s $ip -j $ACTION
done
## add or call your rest of script below to customize iptables ##

Save and close the file. Call above script from your own iptables script. Add following line to your /etc/sysctl.conf file
net.ipv4.conf.all.rp_filter=1
net.ipv4.conf.all.log_martians=1
net.ipv4.conf.default.log_martians=1

The net.ipv4.conf.all.rp_filter=1 entry enables source address verification which is inbuilt into Linux kernel itself and last two lines logs all such spoofed packets in log file.

About The Author

harrychanputra.web.id

Number of Entries : 295

Leave a Comment

© 2011 Powered By Wordpress, Goodnews Theme By Geeks Docuementation

Scroll to top