02-21-2006, 03:18 AM
|
 |
Senior Member
GB GEEK
|
|
Join Date: Feb 2006
Posts: 309
|
|
Host.conf Hardening - Prevent IP spoofing
The first thing you are going to want to do is SSH into your server. Then type the following command.
#pico -w /etc/host.conf
Scroll down until you see (order hosts,bind). Just below it, type (nospoof on) and then save. It should look like this when you're done:
order hosts,bind
nospoof on
That's it, you're all done. Make sure to restart your network so the new rules will take effect.
|
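The edit described in the first post, as an added shell example that is not part of the original thread: it puts `nospoof on` directly below the `order` line, replaces any other `nospoof` setting, and leaves the file untouched when the setting is already present. The function name `ensure_nospoof` and the `.bak` backup suffix are assumptions made for illustration; whether the installed resolver library still honours `nospoof` is documented in host.conf(5) for your glibc version.

```shell
#!/bin/sh
# Added example: idempotently ensure "nospoof on" in a host.conf-style file.
# ensure_nospoof is a hypothetical helper name, not a standard tool.
# Usage (as root, after sourcing this file): ensure_nospoof /etc/host.conf

ensure_nospoof() {
    conf="$1"
    [ -f "$conf" ] || { echo "missing: $conf" >&2; return 2; }

    # Already set correctly (trailing comment allowed): nothing to change.
    if grep -Eq '^[[:space:]]*nospoof[[:space:]]+on[[:space:]]*(#.*)?$' "$conf"; then
        return 0
    fi

    tmp=$(mktemp "${conf}.XXXXXX") || return 2

    awk '
        # Drop any existing nospoof line (e.g. "nospoof off"); it is re-added below.
        /^[ \t]*nospoof([ \t]|$)/ { next }
        { print }
        # Insert the directive directly below the first "order" line.
        !done && /^[ \t]*order[ \t]/ { print "nospoof on"; done = 1 }
        # No "order" line in the file: append the directive at the end.
        END { if (!done) print "nospoof on" }
    ' "$conf" > "$tmp" || { rm -f "$tmp"; return 2; }

    # Keep a backup (assumed suffix .bak), then rewrite in place so the
    # original file keeps its owner and permissions.
    cp "$conf" "${conf}.bak" && cat "$tmp" > "$conf"
    rc=$?
    rm -f "$tmp"
    return $rc
}
```

Running it a second time makes no change, so it is safe to call from a provisioning script.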

02-23-2006, 06:20 PM
|
Junior Member
GB Beginner
|
|
Join Date: Feb 2006
Posts: 29
|
|
Thanks for the tutorial!
What exactly will this do, and is it foolproof?
Last edited by James72; 01-21-2011 at 08:30 PM.
|

04-13-2006, 02:54 PM
|
Member
GB Beginner
|
|
Join Date: Apr 2006
Posts: 34
|
|
Spoofing is a little complicated to explain, and doesn't really affect you if you only have a single IP address. Basically, if you had a network of several different machines, you may adjust your firewall rules so that your internal machines have more access to each other than external machines. You may, for example, decide that all ports are open between internal machines, but only ports 80, 443 and 25 for external machines. This is a common setup.
If your network is not properly protected, it is possible for someone to set up a machine externally that uses a spare IP from your local network (only works with real IPs, as most internet routers will not route the private blocks such as 192.168.* etc.). So they have a machine that has potentially greater access to your network.
They then set up a static route on their machine saying that to talk to your network, the machine should route all packets via your router. If done correctly, and your router is not properly protected, then they will have the same access to your network as any other local machine.
There are several ways around this problem, but the most common is to make your router drop any packets coming from the internet interface that have IP addresses on your local network. Protection can also be put in place at the Ethernet level by locking IPs to MAC addresses to make things even more difficult, but your typical home router / switch does not include that facility.
__________________
Coop
|

04-21-2006, 11:30 AM
|
 |
Member
GB Beginner
|
|
Join Date: Mar 2006
Posts: 49
|
|
This is a nice tip for added security. I have seen this before and have it on all our servers. Glad to see this here.
|

08-05-2010, 01:53 AM
|
Junior Member
GB Beginner
|
|
Join Date: Aug 2010
Posts: 17
|
|
Quote:
Originally Posted by Coop
If your network is not properly protected, it is possible for someone to set up a machine externally that uses a spare IP from your local network (only works with real IPs, as most internet routers will not route the private blocks such as 192.168.* etc.). So they have a machine that has potentially greater access to your network.
|
Emphasis on security should always be a priority - even though if someone really wants to harm you, they eventually will - but it's just a matter of making it as difficult as possible for them. E
|

05-03-2006, 02:54 AM
|
Member
GB Beginner
|
|
Join Date: May 2006
Location: DELETE THIS ACCOUNT. GDPR REQUEST
Posts: 31
|
|
Nice Tutorial! Thank you
__________________
DELETE THIS ACCOUNT. GDPR VIOLATION.
|

02-29-2008, 04:14 PM
|
Junior Member
GB Newbie
|
|
Join Date: Feb 2008
Posts: 2
|
|
thanks for sharing!
|

07-23-2008, 03:39 AM
|
 |
Junior Member
GB Newbie
|
|
Join Date: Jul 2008
Posts: 8
|
|
Thanks, Soulwatcher, it's always good to get feedback.
|

09-01-2008, 01:34 AM
|
Junior Member
GB Newbie
|
|
Join Date: Aug 2008
Posts: 3
|
|
Thanks for the information soulwatcher. I will definitely try this one out at the beginning of the code.
|

03-29-2010, 03:40 PM
|
Member
GB Advanced User
|
|
Join Date: Feb 2010
Posts: 59
|
|
I'm going to order a webserver with several IPs in the coming weeks, so this was really helpful information! Thanx for sharing
|