I have a situation on my network. I want to
block access to my site (web server, etc.) from an IP address class. I
created a rule to drop connections coming from this IP address range (iptables
-A BANNED -p tcp -s 1.2.3.4/16 -j DROP) but this person keeps getting connected
to me. I know this because the message boards on my web server log
the IP address of the poster and I am getting a post from IP address 1.2.150.200,
which should be included in the DROP rule. Now I added a log rule with the
same IP address and I don't see any log entries. The only logical
conclusion I can come up with is this person is somehow finding a way to
circumvent my firewall.

My question to you all and to you hackers is: is
there a way to get around a firewall based on IPTables either by spoofing an IP
address or creating a TCP packet that IPTables lets through or any other way you
can possibly think of to get around an IPTables based firewall?

I should also add that my firewall is dedicated and
my web server is behind it getting its packets forwarded. In my FORWARD
chain I have all packets going through the BANNED user defined chain (iptables -A
FORWARD -j BANNED). Also I have tested this by blocking myself and I can't
connect to anything when I am blocked. I also blocked other people and
they all told me that they can't get through so I know it is
working.

Please help because I am almost out of
hair!!!!!!
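
The two rules quoted in the message above, evaluated with iptables' first-match order, as an added example that is not part of the original post. The parser handles only the flags that appear in those rules, `walk` and `verdict` are illustrative names, and the `EARLIER_ACCEPT` ruleset is a constructed hypothetical used to show the effect of rule order, not the poster's configuration.

```python
import ipaddress
import shlex

TERMINAL = {"ACCEPT", "DROP"}

# Constructed rulesets. AS_POSTED holds the two rules quoted in the post;
# EARLIER_ACCEPT adds a hypothetical rule ahead of the jump (an assumption).
AS_POSTED = """
-A BANNED -p tcp -s 1.2.3.4/16 -j DROP
-A FORWARD -j BANNED
"""
EARLIER_ACCEPT = """
-A BANNED -p tcp -s 1.2.3.4/16 -j DROP
-A FORWARD -p tcp -j ACCEPT
-A FORWARD -j BANNED
"""

def parse(ruleset):
    """Parse '-A CHAIN [-p PROTO] [-s CIDR] -j TARGET' lines into per-chain lists."""
    chains = {}
    for line in ruleset.strip().splitlines():
        tok = shlex.split(line)
        opts = dict(zip(tok[::2], tok[1::2]))  # every flag here takes one value
        src = opts.get("-s")
        chains.setdefault(opts["-A"], []).append({
            "text": line.strip(),
            "proto": opts.get("-p"),
            # strict=False masks host bits, as iptables does: 1.2.3.4/16 -> 1.2.0.0/16
            "src": ipaddress.ip_network(src, strict=False) if src else None,
            "target": opts["-j"],
        })
    return chains

def walk(chains, addr, proto, chain):
    """First matching terminal rule wins; an exhausted user chain returns to its caller."""
    for rule in chains.get(chain, []):
        if rule["proto"] not in (None, proto):
            continue
        if rule["src"] is not None and addr not in rule["src"]:
            continue
        if rule["target"] in TERMINAL:
            return rule["target"], rule["text"]
        hit = walk(chains, addr, proto, rule["target"])
        if hit:
            return hit
    return None

def verdict(ruleset, src, proto="tcp", policy="ACCEPT"):
    hit = walk(parse(ruleset), ipaddress.ip_address(src), proto, "FORWARD")
    return hit or (policy, "FORWARD policy")
```

On a live firewall, the order the simulation models is visible with `iptables -L FORWARD -n -v --line-numbers`, whose per-rule packet counters show which rule is actually matching.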
- RE: Circumventing IPTables Chris Hoeschen
- RE: Circumventing IPTables Stewart Thompson
- Re: Circumventing IPTables Chris Hoeschen
- Re: Circumventing IPTables Antony Stone
- Re: Circumventing IPTables Ramin Alidousti
- Re: Circumventing IPTables Chris Hoeschen
- Re: Circumventing IPTables Ramin Alidousti
