Can I spoof???
Hi guys,
as said I'm doing my graduation with PF. Here's the scenario: VM connected to the INT_IF (PF), then PF has another IF to go outside (actually my physical router). I've installed 2 VMs, 1 Win7 and the other BackTrack 4. I set up that ONLY the Win7 machine can ping and surf, everything works because if I try a ping with Win7 it succeeds, with BT it fails. Now the "problem", in pf.conf I wrote the "anti spoof" rule but it doesn't seem to be working. Win7 has the IP of 10.0.0.50 and BT has 10.0.0.100, from BT I can launch this command: sing -S 10.0.0.50 8.8.8.8 and I have replies!!! I'm sure that I'm wrong somewhere... please look at the pictures that I've attached. Let me know something.

If I understand your configuration, both your test Win7 and BT virtual machines are on the 10/8 network.
Antispoof is designed to prevent external attacks from pretending they are using internal addresses. It does not do what you assume. Please do the following:

Ok I will try...
I just don't understand WHY PF considers SPOOF only at network-address level. If you think for a moment, you can compromise a network from inside or outside... and for me it is worse if you compromise the network from inside 'cause it's considered a "protected" network. What I mean is that many firewalls check the single IP instead of the network-address related to the interface. Anyway thank you for your reply!
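
Added illustration, not part of any post in this thread: a small Python model of the two block rules that pf.conf(5) documents as the expansion of `antispoof for <interface>`, run over constructed packets matching the scenario above. The interface labels, the firewall address 10.0.0.1 and the packet list are assumptions made for the example; only 10.0.0.50, 10.0.0.100 and the 10/8 network come from the thread.

```python
import ipaddress

# Assumed values (not from the thread): interface labels and firewall address.
INT_IF = "int_if"
EXT_IF = "ext_if"
INT_NET = ipaddress.ip_network("10.0.0.0/8")   # "10/8" as stated in the reply
FW_ADDR = ipaddress.ip_address("10.0.0.1")     # assumed address of PF on INT_IF


def antispoof_blocks(in_if, src):
    """Model of the documented expansion of `antispoof for $int_if inet`:
         block drop in on ! $int_if inet from <int_net> to any
         block drop in inet from <fw_addr> to any
    Returns True when one of the two rules would drop the packet."""
    src = ipaddress.ip_address(src)
    # Rule 1: internal source address arriving on any OTHER interface.
    if in_if != INT_IF and src in INT_NET:
        return True
    # Rule 2: a packet claiming to come from the firewall's own address.
    if src == FW_ADDR:
        return True
    return False


# Constructed sample packets: (description, arrival interface, claimed source).
PACKETS = [
    ("Win7, genuine source",                  INT_IF, "10.0.0.50"),
    ("BT using sing -S 10.0.0.50",            INT_IF, "10.0.0.50"),
    ("outside host claiming 10.0.0.50",       EXT_IF, "10.0.0.50"),
    ("inside host claiming firewall address", INT_IF, "10.0.0.1"),
    ("ordinary reply from 8.8.8.8",           EXT_IF, "8.8.8.8"),
]


def evaluate(packets):
    """Return [(description, dropped_by_antispoof), ...] for each packet."""
    return [(d, antispoof_blocks(i, s)) for d, i, s in packets]


if __name__ == "__main__":
    for desc, dropped in evaluate(PACKETS):
        print(f"{'DROP' if dropped else 'pass'}  {desc}")
```

The first two packets are identical as far as these rules can see (same interface, same source address), so antispoof alone cannot separate the BT machine from Win7.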