IP Spoofing question..

Christopher Wagner chrisw at pacaids.com
Mon Sep 30 15:53:05 PDT 2002


Background:
I have several servers behind my firewall, with my firewall (a Netopia) doing
transparent IP mapping to the servers with internal IP addresses.  I am
also running iptables on those servers.  I'm using the Netopia to bridge
several internal subnets, some via VPN, some via Ethernet.  (10.0.0.0,
local; 192.168.1.0, local; 192.168.100.0, ipsec vpn; 192.168.2.0, atmp vpn)
The servers in question are on the 192.168.1.0 network, people from the
10.0.0.0 network and the 192.168.2.0 network need to access the servers.
I've specified 10.0.0.0/24 and 192.168.2.0/24 so I'm limiting the network
scope (esp. important for the damn class A network).  On one mail server, I'm
running the latest RPM build of Postfix, and for the other mail server, I'm
running Sendmail.

Problem:
I've received a complaint from spamcop.net saying I've been operating an
open relay, however the abuse.net clearing house spam relay test shows I'm
not an open relay.  So, I'm obviously puzzled.

Question:
If I allow a range of IPs on my internal network to access the server on
certain ports (and allow relaying from only those IPs or subnets), is there
any way for someone to spoof an internal IP address from the outside network
and gain relaying privileges on my mail server?  And am I doing something
wrong?

Thanks in advance.

- Christopher Wagner
chrisw at pacaids.com

Packaging Aids Corporation - Information Systems
P.O. Box 9144
San Rafael, CA 94912-9144
http://www.pacaids.com/
(415) 454-4868 x116
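
[Added example, not part of the original post.] One way to check which clients have actually relayed mail through the Postfix server described above is to correlate each queue ID's client address with its outbound deliveries and compare the address against the two permitted subnets. The log lines are constructed samples in Postfix's usual syslog layout, and example.org as the locally hosted domain is an assumption.

```python
import ipaddress
import re

# Subnets the post permits to relay; LOCAL_DOMAINS is an assumed hosted domain.
RELAY_NETS = [ipaddress.ip_network("10.0.0.0/24"),
              ipaddress.ip_network("192.168.2.0/24")]
LOCAL_DOMAINS = {"example.org"}

# Constructed sample log lines (not taken from the poster's server).
SAMPLE_LOG = """\
Sep 30 10:01:02 mail postfix/smtpd[411]: A1B2C3D4E5: client=ws5.lan[10.0.0.5]
Sep 30 10:01:03 mail postfix/smtp[415]: A1B2C3D4E5: to=<bob@example.net>, relay=mx.example.net[192.0.2.10]:25, delay=1, status=sent (250 ok)
Sep 30 10:02:10 mail postfix/smtpd[411]: B2C3D4E5F6: client=unknown[203.0.113.9]
Sep 30 10:02:11 mail postfix/local[420]: B2C3D4E5F6: to=<alice@example.org>, relay=local, delay=0, status=sent (delivered to mailbox)
Sep 30 10:03:30 mail postfix/smtpd[412]: C3D4E5F6A7: client=unknown[203.0.113.77]
Sep 30 10:03:32 mail postfix/smtp[416]: C3D4E5F6A7: to=<victim@example.com>, relay=mx.example.com[192.0.2.20]:25, delay=2, status=sent (250 ok)
Sep 30 10:04:00 mail postfix/smtpd[413]: D4E5F6A7B8: client=unknown[10.0.1.9]
Sep 30 10:04:01 mail postfix/smtp[417]: D4E5F6A7B8: to=<carol@example.net>, relay=mx.example.net[192.0.2.10]:25, delay=1, status=sent (250 ok)
"""

CLIENT_RE = re.compile(r"postfix/smtpd\[\d+\]: ([0-9A-F]+): client=\S*\[([0-9.]+)\]")
DELIVER_RE = re.compile(
    r"postfix/(?:smtp|local)\[\d+\]: ([0-9A-F]+): to=<[^>@]+@([^>]+)>,.*status=sent")

def audit_relays(log_text, relay_nets=RELAY_NETS, local_domains=LOCAL_DOMAINS):
    """Return (queue_id, client_ip, recipient_domain, verdict) per relayed message."""
    clients = {}   # queue ID -> address of the SMTP client that submitted it
    findings = []
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if m:
            clients[m.group(1)] = ipaddress.ip_address(m.group(2))
            continue
        m = DELIVER_RE.search(line)
        if not m:
            continue
        qid, domain = m.group(1), m.group(2).lower()
        ip = clients.get(qid)
        # Skip locally submitted mail and mail addressed to a hosted domain:
        # neither is a relay on behalf of a remote client.
        if ip is None or domain in local_domains:
            continue
        trusted = any(ip in net for net in relay_nets)
        findings.append((qid, str(ip), domain,
                         "permitted" if trusted else "UNEXPECTED"))
    return findings

if __name__ == "__main__":
    for finding in audit_relays(SAMPLE_LOG):
        print(*finding)
```

An "UNEXPECTED" verdict means the server relayed for a client outside the listed subnets, which points at the relay configuration; a "permitted" verdict on a message nobody inside sent means the address the server saw was an internal one, which points at the firewall's address mapping or at spoofing.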



