From: FBSDSecure@aol.com
Message-ID: <3c.6c030f5.27a7ceaa@aol.com>
Date: Tue, 30 Jan 2001 03:00:42 EST
Subject: Re: (no subject)
To: freebsd-security@freebsd.org

In a message dated 1/28/01 12:43:34 PM Pacific Standard Time, root@noops.org writes:

> On Sun, 28 Jan 2001, Chris wrote:
>
> > > > Another thing to point out though is if a hacker were to spoof his IP address
> > > > and do a port scan, what would be the point? The data is useless if it can't
> > > > get back to the individual.
> > >
> > > One word, DoS.
>
> Well, two words... one of which is DoS. Another, which I find fun, and
> also doesn't matter if your ISP does egress filtering is to make a scan
> look like it came from your whole subnet. I'm sure that even if my DSL
> provider was making sure all the leaving traffic came from its network it
> would still be tough to catch. Or, and this is rare these days, is if you
> are on an unswitched subnet or could somehow view traffic in flight you
> can always make the scan look like it came from the guy next door and just
> sniff the replies as they come back.
>
> I know my DSL is unfiltered on its way out, so if I'm doing an audit from
> home for any reason I always mix in 127.0.0.1 as a decoy -- just in case
> it hits something amusingly misconfigured, like a portsentry-type package
> with a glaring misconfiguration.
>
> -tcannon

That's why 127.0.0.1 is in the ignore file. Reminds me of a phrase I heard somewhere... One false packet and I'll knock you off the net.... Or something like that.

Dan.
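
The exchange above turns on a tool that auto-blocks scan sources being fed spoofed addresses, which is what an ignore list guards against. As an added example (not from the original posts or from any particular package), this Python sketch shows a pre-block check; the ignore-file format, the sample addresses and the function names are assumptions.

```python
import ipaddress

# Constructed sample ignore list: one address or CIDR per line, '#' comments.
# The format and the entries are assumptions for illustration.
SAMPLE_IGNORE = """\
# never auto-block these
127.0.0.1
192.0.2.0/28      # our own subnet (documentation range)
198.51.100.1      # upstream gateway
"""

def load_ignore(text):
    """Parse the ignore list into ip_network objects, skipping comments and blanks."""
    nets = []
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if entry:
            nets.append(ipaddress.ip_network(entry, strict=False))
    return nets

def should_block(src, ignore):
    """Return (decision, reason) for a source address seen probing a port."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False, "unparseable source"
    # These can never be a genuine remote peer, so refuse them even if the
    # ignore file is empty or misconfigured.
    if addr.is_loopback or addr.is_unspecified or addr.is_multicast:
        return False, "non-routable source, likely spoofed"
    for net in ignore:
        if addr.version == net.version and addr in net:
            return False, f"listed in ignore file ({net})"
    return True, "not protected"

def missing_protections(ignore):
    """Audit the ignore list itself: report 127.0.0.1 if nothing covers it."""
    lo = ipaddress.ip_address("127.0.0.1")
    covered = any(n.version == 4 and lo in n for n in ignore)
    return [] if covered else ["127.0.0.1"]

if __name__ == "__main__":
    ignore = load_ignore(SAMPLE_IGNORE)
    for src in ("127.0.0.1", "192.0.2.5", "198.51.100.1", "203.0.113.9"):
        print(src, should_block(src, ignore))
    print("missing:", missing_protections(load_ignore("10.0.0.0/8\n")))
```

An ignore list only protects the addresses it names; a spoofed source outside it still reaches the block decision.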