From owner-freebsd-security Wed Aug 12 19:46:45 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id TAA25421 for freebsd-security-outgoing; Wed, 12 Aug 1998 19:46:45 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from nexus.astro.psu.edu (nexus.astro.psu.edu [128.118.147.20]) by hub.freebsd.org (8.8.8/8.8.8) with SMTP id TAA25416 for ; Wed, 12 Aug 1998 19:46:43 -0700 (PDT) (envelope-from mph@astro.psu.edu) Received: from mstar.astro.psu.edu by nexus.astro.psu.edu (4.1/Nexus-1.3) id AA12652; Wed, 12 Aug 98 22:46:20 EDT Received: by mstar.astro.psu.edu (SMI-8.6/Client-1.3) id WAA09021; Wed, 12 Aug 1998 22:46:14 -0400 Message-Id: <19980812224614.B8987@astro.psu.edu> Date: Wed, 12 Aug 1998 22:46:14 -0400 From: Matthew Hunt To: "Jan B. Koum " , Marius Bendiksen Cc: Brett Glass , freebsd-security@FreeBSD.ORG Subject: Re: UDP port 31337 References: <3.0.5.32.19980812193700.0092f220@mail.scancall.no> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.93i In-Reply-To: ; from Jan B. Koum on Wed, Aug 12, 1998 at 02:55:59PM -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, Aug 12, 1998 at 02:55:59PM -0700, Jan B. Koum wrote: > AFAIK IP spoofing is "blind" - you can't be doing spoofing IP > during a portscan. Hence, if someone to portscan class B for udp port > 31337, the ought to do it from the real IP. Now the fact that this IP > might belong to someone else (cracked account, etc) is another matter. At least one (quite effective) port scanner supports IP spoofing. True, the user doesn't get the results. The purpose is to get somebody else in trouble for port scanning. -- Matthew Hunt * Inertia is a property of matter. http://www.pobox.com/~mph/pgp.key for PGP public key 0x67203349. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message