* Philipp Snizek wrote on Wed, Sep 27, 2000 at 09:20 +0200:
First question: Do spoofers use IP Adresses only of private IP ranges?
Of course not. It seems they like to use addresses of large sites like yahoo or gmx too. The problem with private IP space is, that usually a firewall allowes traffic from private IPs, if not configured very well.
echo 1 > /proc/net/sys/ipv4/conf/all/rp_filter
AFAIK: The kernel drops traffic which should have come in through interface A but was received by interface B. i.e. if you have a route to 192.168.0.0/24 on eth0 and you receive a packet from 192.168.0.1 in eth1 the kernel drops that packet, since it should have come to eth0 not eth1. I think this works for all routes that are known to the local system (list, please correct me if I'm wrong!) oki, Steffen -- Dieses Schreiben wurde maschinell erstellt, es trägt daher weder Unterschrift noch Siegel.