Date: Fri, 15 Mar 2002 22:52:21 +0100 From: Krzysztof Zaraska <kzaraska@student.uci.agh.edu.pl> To: "Mark Foster" <mdf@enic.cc> Cc: freebsd-security@freebsd.org Subject: Re: Is PortSentry really safe to use? Message-ID: <20020315225221.043fe3b8.kzaraska@student.uci.agh.edu.pl> In-Reply-To: <1016228221.10601.69.camel@smokey.lan.enic.cc> References: <2332.213.112.58.232.1016226432.squirrel@phucking.kicks-ass.org> <02031521302303.03229@germanium> <1016228221.10601.69.camel@smokey.lan.enic.cc>
next in thread | previous in thread | raw e-mail | index | archive | help
On 15 Mar 2002 13:37:00 -0800 Mark Foster wrote: > This attack (spoofing) can be circumvented by using ingress filtering on > your router or firewall. Not in all cases. A (partial) DoS can still be achieved by spoofing attack from external machines the network in question relies on, like DNS servers or HTTP proxies. An 'active response' mechanism in IDS can be valuable, provided it does not trigger on easily spoofable probes. -- // Krzysztof Zaraska * kzaraska (at) student.uci.agh.edu.pl // Prelude IDS: http://www.prelude-ids.org/ // A dream will always triumph over reality, once it is given the chance. // -- Stanislaw Lem To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020315225221.043fe3b8.kzaraska>