Date: Sun, 28 Jan 2001 02:30:05 -0800 From: Kris Kennaway <kris@obsecurity.org> To: FBSDSecure@aol.com Cc: freebsd-security@FreeBSD.ORG Subject: Re: (no subject) Message-ID: <20010128023005.A19353@xor.obsecurity.org> In-Reply-To: <b2.10786063.27a54c9f@aol.com>; from FBSDSecure@aol.com on Sun, Jan 28, 2001 at 05:21:19AM -0500 References: <b2.10786063.27a54c9f@aol.com>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] On Sun, Jan 28, 2001 at 05:21:19AM -0500, FBSDSecure@aol.com wrote: > addresses are valid and which are not. So spoofing an IP address is pretty > close to impossible from a Dialup, xDSL, or cable modem. Another thing to Wrong. If this were true, packet-flooding based denial of service attacks would be almost impossible since they would be easily blocked and traced. The sad fact of the matter is that the majority of networks on the internet today, including ISPs do not implement egress filtering. > point out though is if a hacker were to spoof his IP address and do a port > scan, what would be the point? The data is useless if it can't get back to > the individual. Besides, the portsentry package has a ignore file. You miss the point: the attacker won't get any information back out of it, but if you have a fascist response to port scans which blackholes all traffic coming from the IP address of the port scan, the attacker can spoof the packets to come from a server which is critical to the operation of your machine, such as your ISP's DNS servers, or mail servers, which will cause your machine to blackhole them and thereby shoot itself in the foot. At a lower level of annoyance, you can blackhole popular websites like google which the user might use. The point is that automated active response is almost always a bad idea, because it can be fooled into doing more harm than good. Kris [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE6c/SsWry0BWjoQKURAgm6AKDUOZ5qKwYBynC+7A4r4WCDMW2JYwCgwM09 bicAtllL48OrrcRCl69NGsY= =Sye6 -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010128023005.A19353>