Date: Fri, 15 Mar 2002 22:52:21 +0100
From: Krzysztof Zaraska
To: "Mark Foster"
Cc: freebsd-security@freebsd.org
Subject: Re: Is PortSentry really safe to use?
Message-Id: <20020315225221.043fe3b8.kzaraska@student.uci.agh.edu.pl>
In-Reply-To: <1016228221.10601.69.camel@smokey.lan.enic.cc>
References: <2332.213.112.58.232.1016226432.squirrel@phucking.kicks-ass.org> <02031521302303.03229@germanium> <1016228221.10601.69.camel@smokey.lan.enic.cc>
Organization: University Of Mining And Metallurgy

On 15 Mar 2002 13:37:00 -0800
Mark Foster wrote:

> This attack (spoofing) can be circumvented by using ingress filtering on
> your router or firewall.

Not in all cases. A (partial) DoS can still be achieved by spoofing an attack from external machines the network in question relies on, like DNS servers or HTTP proxies.

An 'active response' mechanism in an IDS can be valuable, provided it does not trigger on easily spoofable probes.
-- 
// Krzysztof Zaraska * kzaraska (at) student.uci.agh.edu.pl
// Prelude IDS: http://www.prelude-ids.org/
// A dream will always triumph over reality, once it is given the chance.
//   -- Stanislaw Lem
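
Added example, not part of the original message and not PortSentry or Prelude code: a sketch of the gating the message argues for, where an active response fires only on probes whose source address was confirmed by a completed TCP handshake, and never against hosts the network depends on. The event fields, the `PROTECTED` list, the `min_ports` threshold and all addresses are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed values (documentation ranges): hosts the network relies on,
# e.g. its DNS resolver and HTTP proxy. These are alerted on, never blocked.
PROTECTED = [ipaddress.ip_network(n) for n in ("192.0.2.53/32", "192.0.2.80/32")]

def is_protected(src):
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in PROTECTED)

def is_verified(event):
    # A lone SYN or a UDP datagram proves nothing about who sent it.
    # A completed TCP handshake means the source received our SYN-ACK,
    # which an off-path spoofer normally cannot do.
    return event["proto"] == "tcp" and event["handshake"]

def plan_response(events, min_ports=3):
    """Return (sources to block, sources that only raise an alert)."""
    verified_ports = defaultdict(set)
    alerts = []
    for ev in events:
        if is_protected(ev["src"]) or not is_verified(ev):
            alerts.append(ev["src"])  # log it, leave the firewall alone
            continue
        verified_ports[ev["src"]].add(ev["dport"])
    block = {s for s, ports in verified_ports.items() if len(ports) >= min_ports}
    return block, alerts

def ev(src, proto, dport, handshake):
    return {"src": src, "proto": proto, "dport": dport, "handshake": handshake}

# Constructed sample events.
SAMPLE_EVENTS = (
    # SYNs carrying the resolver's address as source: the spoofing case above
    [ev("192.0.2.53", "tcp", p, False) for p in (1, 2, 3)]
    # single UDP probe, source unverifiable
    + [ev("198.51.100.7", "udp", 161, False)]
    # full TCP connects to several ports from one host
    + [ev("203.0.113.9", "tcp", p, True) for p in (21, 23, 25)]
    # verified traffic from the proxy: still alert-only because it is protected
    + [ev("192.0.2.80", "tcp", p, True) for p in (21, 23, 25)]
)

if __name__ == "__main__":
    blocked, alerted = plan_response(SAMPLE_EVENTS)
    print("block:", sorted(blocked))
    print("alert only:", sorted(set(alerted)))
```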