Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Linux
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: CAN-2004-1137

from [Foundation Linux] Network Security [Permanent Link]
Subject: Re: CAN-2004-1137
Date: Tue, 04 Jan 2005 12:37:38 -0800 
From TCP/IP Illustrated, Volume I, pp. 79:

"Like ICMP, IGMP is considered part of the IP layer. Also like ICMP, IGMP messages are transmitted in IP datagrams."

Basically, it is an IP datagram with a protocol # of 2. The second 32-bit chunk is the 32-bit group address, which is a Class D IP address: 224.0.0.0/4. Block that on INPUT using itpables and you should not see those packets again.

iptables -A INPUT -s 224.0.0.0/4 -j DROP iptables -A INPUT -d 224.0.0.0/4 -j DROP 


Charles E. Hill

hilton de meillon wrote:

I have been doing a bit of research - there are numerous instances of
iptables scripts containing rules to block IGMP using iptables - am I
correct in saying that IGMP is on the network layer IP protocol 2 hence all
the iptables rulesets claiming to block igmp are misinformed ?.

Is there a igmptables or any other way of selectively blocking IGMP using
linux ?.

Hilton.



[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: CAN-2004-1137, Zow
Next by Date:  RE: CAN-2004-1137, hilton de meillon
Previous by Thread:  Re: CAN-2004-1137, Zow
Next by Thread:  RE: CAN-2004-1137, hilton de meillon
Indexes:  [Date] [Thread] [Top] [All Lists]