[X-Unix] "egress filter" on OSX?
Eugene Lee
list-themacintoshguy at fsck.net
Mon Jan 26 12:28:33 PST 2004
On Fri, Jan 23, 2004 at 07:07:28PM +1100, Alan Harper wrote:
: On Wed, Jan 21, 2004 at 01:24:33PM -0700, James Burton wrote:
: >
: > A week ago, I installed SNORT on the iMac I use as a server, and the
: > past two days I've been getting alerts of suspicious traffic
: > "BAD-TRAFFIC loopback traffic"
: >
: > A file referenced in the alert explains that this happens when someone
: > spoofs an internal IP and uses it to snoop for exploitable ports.
: >
: > The file also says that to combat this, one should employ an "egress
: > filter." Does anyone know how to set this up on OSX? One would think
: > that this would be built-in since it seems to be a common avenue of
: > attack.
:
: I've never heard of this, but it's quite common for firewalls to
: specifically block IP ranges which are wrong for that interface. Some
: sort of ipfw script which only permitted packets on your internal
: subnet to come via the appropriate interface would have a desirable
: secure effect. Hope this sets you in the right direction.
Egress filtering: block outgoing connections from invalid internal
source addresses.
--
Eugene Lee
http://www.coxar.pwp.blueyonder.co.uk/
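The ipfw approach Alan describes, written out as an added example (it is not from the thread or from OS X's own rc.firewall): loopback addresses are confined to lo0, which is the condition behind the Snort "BAD-TRAFFIC loopback traffic" alert, and the outside interface only passes outbound packets sourced from the host's own subnet. The interface en0 and the subnet 192.168.1.0/24 are placeholders assumed for the example.

```shell
#!/bin/sh
# Added example, not from the original thread: an ipfw rule set for a
# single-homed OS X host. EXT_IF and MY_NET are placeholders; set them to
# your outside interface and its subnet. "deny log" only writes to syslog
# when the sysctl net.inet.ip.fw.verbose is set to 1.
EXT_IF="${EXT_IF:-en0}"
MY_NET="${MY_NET:-192.168.1.0/24}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the rules, 0 = hand them to ipfw

# Print the rule set, one "ipfw add" command per line. Lower numbers match
# first, so the lo0 pass must precede the loopback denies or local daemons
# talking to 127.0.0.1 would be cut off. Rules 200/210 catch 127.0.0.0/8
# on any other interface; rules 300/310 are the egress filter proper:
# anything leaving EXT_IF with a source outside MY_NET is dropped and logged.
egress_rules() {
    cat <<EOF
ipfw add 100 allow ip from any to any via lo0
ipfw add 200 deny log ip from any to 127.0.0.0/8
ipfw add 210 deny log ip from 127.0.0.0/8 to any
ipfw add 300 allow ip from $MY_NET to any out via $EXT_IF
ipfw add 310 deny log ip from any to any out via $EXT_IF
EOF
}

# Number of rules the set contains; a cheap sanity check before applying.
rule_count() {
    egress_rules | wc -l | tr -d ' '
}

# Apply the rules, or just show them in dry-run mode. Nothing is flushed,
# so an existing policy is kept; review the result with "ipfw list".
apply_rules() {
    if [ "$DRY_RUN" = "1" ]; then
        egress_rules
    else
        egress_rules | sh -e
    fi
}

apply_rules
```

Run with DRY_RUN=1 (the default) to review the rules, then DRY_RUN=0 as root to load them; the default rule 65535 on OS X still allows everything the set does not match, which is why rule 310 must deny explicitly.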