On Fri, Feb 16, 2001 at 07:11:56AM -0500, nrvale0 wrote:
> How can I formulate my ICMP packet at evil host s.t. it may get to
> target host. I can't just put target host's IP address in the DEST
> field because it will never be able to travel the Internet due to the
> non-routable DEST address. Is this a job for src routing? Is there
> some other way to handle this?

If you're on the same subnet, you could change the evil host's routing tables to send packets to the firewall. Otherwise, it's pretty impossible unless every router between the evil host and the destination is misconfigured to accidentally route those packets in the right direction such that they end up at the firewall.

Anyhow, this rule:

ipchains -A input -i $extint -s 0.0.0.0/0 -d 192.168.1.0/24 -l -j REJECT

Where $extint is my external ethernet interface and 192.168.1.0/24 is my internal net, makes the firewall throw any packets from the outside destined for any address on the inside away, which makes this whole thing moot. I have yet to get any log entries from this rule.

-- 
Jordan Bettis <http://www.hafd.org/~jordanb/>
Ooohh.. "FreeBSD is faster over loopback, when compared to Linux over the wire". Film at 11.' -- Linus Torvalds

