Date: Thu, 13 Aug 1998 16:40:52 -0600 (MDT)
From: Wes Peters <wes@softweyr.com>
To: regnauld@deepo.prosa.dk (Philippe Regnauld)
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: UDP port 31337
Message-ID: <199808132240.QAA18545@obie.softweyr.com>
In-Reply-To: <19980813121846.33945@deepo.prosa.dk> from Philippe Regnauld at "Aug 13, 98 12:18:46 pm"

> Brett Glass writes:
> > If no one was listening, it wouldn't be a problem.
> >
> > Only an attacker who INTENDED to invade your systems would be subject to
> > crashes due to the response. And would deserve it.
>
> ... provided he hadn't spoofed his source address...
>
> i.e.: you might be retaliating against some poor guy who didn't ask
> for it. (I could for example spoof a source address of 206.100.185.2).
>
> The rare occasions where I've taken down the host at the other
> end were in cases of _unmistakable_ spammers, as they were sending
> their junk from dialup Whinedoze machines. (And then again it
> takes time to figure out who's the real culprit).

You (again) missed the obvious point: Brett's proposal was to find
and exploit a security hole in BackOrifice itself. If the user is
spoofing address b.b.b.b, your counter-attack would not take down
b.b.b.b unless b.b.b.b happened to be running BackOrifice, in which
case he deserves to get taken down anyhow.

--
"Where am I, and what am I doing in this handbasket?"
Wes Peters Softweyr LLC
http://www.softweyr.com/~softweyr wes@softweyr.com
