From owner-freebsd-security Sun Jan 28 12:43:18 2001 Delivered-To: freebsd-security@freebsd.org Received: from sonar.noops.org (adsl-63-195-97-84.dsl.snfc21.pacbell.net [63.195.97.84]) by hub.freebsd.org (Postfix) with ESMTP id 27AB937B402 for ; Sun, 28 Jan 2001 12:43:00 -0800 (PST) Received: from localhost (root@localhost) by sonar.noops.org (8.9.3/8.9.3) with ESMTP id MAA17618 for ; Sun, 28 Jan 2001 12:43:08 -0800 (PST) (envelope-from root@noops.org) Date: Sun, 28 Jan 2001 12:43:08 -0800 (PST) From: Thomas Cannon To: freebsd-security@FreeBSD.ORG Subject: Re: (no subject) In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > On Sun, 28 Jan 2001, Chris wrote: > > > Another thing to point out though is if a hacker were to spoof his IP address > > > and do a port scan, what would be the point? The data is useless if it can't > > > get back to the individual. > > > > One word, DoS. Well, two words... one of which is DoS. Another, which I find fun, and also doesn't matter if your ISP does egress filtering is to make a scan look like it came from your whole subnet. I'm sure that even if my DSL provider was making sure all the leaving traffic came from it's network it would still be tough to catch. Or, and this is rare these days, is if you are on an unswitched subnet or could somehow view traffic in flight you can always make the scan look like it came from the guy next door and just sniff the replies as them come back. I know my DSL is unfiltered on it's way out, so if I'm doing an audit from home for any reason I always mix in 127.0.0.1 as a decoy -- just in case it hits something amusingly misconfigured, like a portsentry-type package with a glaring misconfiguration. -tcannon To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message