Source and Destination

Discussion in 'LnS English Forum' started by nuser, Jun 2, 2007.

Thread Status:
Not open for further replies.
  1. nuser

    nuser Registered Member

    Joined:
    May 31, 2007
    Posts:
    105
    Location:
    Singapore
    Hi,
    I have found an unofficial tutorial on looknstop, which mentions that in looknstop, the 'source' always means 'Local machine', while 'Destination' always means 'remote machine'. Is this right?

    The reason I ask this question is that in the enhanced ruleset, there are 2 ICMP rules (request and respond). For 'request', the 'Source' is localhost, while for 'respond', the 'Destination' becomes localhost.

    So, in this case, the first statement on the source and destination must be wrong.

    My understanding is: source means 'sending', destination means 'receiving'. Am I right?
     
  2. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,640
    Hi nuser :)

    No. This is not correct.

    In a normal connection between your PC and a server there is a data exchange
    from your PC to the Server and from the Server to your PC...

    So each machine in the connection is sometimes the "Source" and sometimes the "Destination"...

    This is indicated in every rule with the packets allowed incoming and outgoing.

    When you have a rule which allows only incoming packets, in this case,
    the "Source" is always the remote machine and the "Destination" the local machine.

    On the other hand, if you have a rule with only outgoing packets allowed, in this case the local machine is always the "Source" and the remote, the "Destination"...

    ( In a rule with incoming and outgoing packets you add the IP Address Equal MY@ to determine what is the local source... )

    :)
     
  3. nuser

    nuser Registered Member

    Joined:
    May 31, 2007
    Posts:
    105
    Location:
    Singapore
    Thanks, Climenole,

    So, in a rule with bi-directional connections, the 'localhost' can be regarded as source or destination arbitrarily, since there is no difference between source and destination in this case. Am I right?

    Another question, in this rule in the enhanced ruleset, is there any difference if I change the 'All' to 'Equal MY@' in the destination field?

    In the 2nd snapshot, how to distinguish source and destination? (Since there is no difference at all). Is the local machine on the left or the right side?
     

    Attached Files:

    Last edited: Jun 2, 2007
  4. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,640
    Hi nuser :)

    It's not arbitrary: if the localhost sent data to the server it is the source.

    All means any IP addresses and Equal MY@ means your PC IP addr.

    There is a difference between a packet with your @IP as destination
    and another packet with another destination IP addr.

    This is checked by the Stateful Inspection: if a packet is not in the sequence of an existing connection it will be rejected (with a message in the log: Stateful inspection: no connection founded).

    In the vast majority of rules the local ports AND the IP Addr, equal MY@ are
    explicitly indicated...



    The first screen capture shows a blocking rule for a certain type of ICMP type/code. This is a "locking" rule: everything of this type/code is blocked in and out. It's not needed to indicate a source or destination here (explicitly) but be sure that this rule blocks a packet with your PC as source OR destination and the opposite...

    The second screen capture shows a generic rule for DHCP: it's a kind of local loop between ports 67 and 68 where the source and destination change depending on the step in the DHCP data exchange...


    Here : a simple connection between a PC and a web site. Check the first column with a U (Upload) and D (Download) and compare the source and destination...


    :)
     

    Attached Files:
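
Added example, not part of the thread and not Look 'n' Stop's own code: a simplified model of the point discussed above, that "Source" and "Destination" are fields of each packet and that changing a field from "All" to "Equal MY@" narrows which direction a bi-directional rule can match. The `Rule` and `Packet` classes, the rule names, and the addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass

MY_IP = "192.0.2.10"     # constructed local address, stands in for MY@
SERVER = "198.51.100.7"  # constructed remote address

@dataclass(frozen=True)
class Packet:
    direction: str  # "U" (upload/outgoing) or "D" (download/incoming)
    src: str
    dst: str

@dataclass(frozen=True)
class Rule:
    allow_in: bool
    allow_out: bool
    src: str = "All"  # "All" or "MY@"
    dst: str = "All"

def addr_ok(criterion, addr):
    """'All' accepts any address; 'MY@' accepts only the local one."""
    return criterion == "All" or (criterion == "MY@" and addr == MY_IP)

def matches(rule, pkt):
    """A rule applies when the direction is enabled and both address fields fit."""
    enabled = rule.allow_out if pkt.direction == "U" else rule.allow_in
    return enabled and addr_ok(rule.src, pkt.src) and addr_ok(rule.dst, pkt.dst)

# Constructed packets: one request leaving the PC, one reply coming back.
REQUEST = Packet("U", MY_IP, SERVER)
REPLY = Packet("D", SERVER, MY_IP)

RULES = {
    "icmp_request_out": Rule(allow_in=False, allow_out=True, src="MY@"),
    "icmp_reply_in": Rule(allow_in=True, allow_out=False, dst="MY@"),
    "both_ways_all": Rule(allow_in=True, allow_out=True),
    "both_ways_dst_my": Rule(allow_in=True, allow_out=True, dst="MY@"),
}

def evaluate():
    """Map each rule name to (matches REQUEST, matches REPLY)."""
    return {n: (matches(r, REQUEST), matches(r, REPLY)) for n, r in RULES.items()}

if __name__ == "__main__":
    for name, result in evaluate().items():
        print(f"{name:18} request={result[0]!s:5} reply={result[1]}")
```

In this model the bi-directional rule with destination "MY@" no longer matches the outgoing request, because that packet's destination is the server.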
