From owner-freebsd-security  Wed Aug 12 14:56:42 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id OAA20073
          for freebsd-security-outgoing; Wed, 12 Aug 1998 14:56:42 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from shell6.ba.best.com (shell6.ba.best.com [206.184.139.137])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id OAA20067
          for <freebsd-security@FreeBSD.ORG>; Wed, 12 Aug 1998 14:56:38 -0700 (PDT)
          (envelope-from jkb@best.com)
Received: from localhost (jkb@localhost)
	by shell6.ba.best.com (8.9.0/8.9.0/best.sh) with SMTP id OAA20638;
	Wed, 12 Aug 1998 14:55:59 -0700 (PDT)
X-Authentication-Warning: shell6.ba.best.com: jkb owned process doing -bs
Date: Wed, 12 Aug 1998 14:55:59 -0700 (PDT)
From: "Jan B. Koum " <jkb@best.com>
X-Sender: jkb@shell6.ba.best.com
To: Marius Bendiksen <Marius.Bendiksen@scancall.no>
cc: Brett Glass <brett@lariat.org>, freebsd-security@FreeBSD.ORG
Subject: Re: UDP port 31337
In-Reply-To: <3.0.5.32.19980812193700.0092f220@mail.scancall.no>
Message-ID: <Pine.BSF.3.96.980812145452.17894B-100000@shell6.ba.best.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


	AFAIK IP spoofing is "blind" - you can't be doing spoofing IP
during a portscan. Hence, if someone to portscan class B for udp port
31337, the ought to do it from the real IP. Now the fact that this IP
might belong to someone else (cracked account, etc) is another matter.

-- Yan

www.best.com/~jkb/         Unix users of the world unite:
www.{free,open,net}bsd.org | www.linux.org | www.apache.org | www.perl.com
"Turn up the lights, I don't want to go home in the dark."

On Wed, 12 Aug 1998, Marius Bendiksen wrote:

>>Oh. In other words, "the wrong person" would just happen to be running the
>>Back Orifice program and attempting to break into your system? Not bloody
>>likely.
>
>Ever heard of IP spoofing?
>
>In any case, as I said, it's principally wrong to escalate a conflict by
>retaliation. Besides which, it's illegal too.
>---
>Marius Bendiksen, IT-Trainee, ScanCall AS
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe security" in the body of the message
>


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message