Date: Wed, 08 Dec 1999 22:13:08 +0000 From: Adam Laurie <adam@algroup.co.uk> To: Mark Newton <newton@atdot.dotat.org> Cc: "Scott I. Remick" <scott@computeralt.com>, freebsd-security@FreeBSD.ORG Subject: Re: What kind of attack is this? Message-ID: <384ED7F4.61804910@algroup.co.uk> References: <4.2.2.19991208162315.00b5f4e0@mail.computeralt.com> <19991209083140.A7509@atdot.dotat.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Mark Newton wrote: > > On Wed, Dec 08, 1999 at 04:51:11PM -0500, Scott I. Remick wrote: > > > I know that's what firewalls are for, and that's why I'm working on > > one. Holdup is time-constraints and red-tape and corporate politics and > > screwed up priorities and so on, so let's just leave it that the firewall > > is coming but is not here yet (if you remember back, this is the company > > that wants to use MS Proxy). > > heheh. That's probably why you're being attacked :-) > > > So how does one protect themselves against such an attack? I have an > > Ascend Pipeline 50 router which I'm trying to sort out from the manuals a > > way to use its filters and how it behaves if rules overlap (what I'm > > thinking is trying to find a way to block all incoming UDP packets EXCEPT > > the type which are known to be good). > > Get a FreeBSD box with two ethernet interfaces. Enable ipfw. Start > with rules that look like this: > > ipfw add pass udp from any GOODPORT to any in via OUTSIDE-INTERFACE > i in via OUTSIDE-INTERFACE > ipfw add pass all from any to any No, that would be bad. If they can spoof their address, they can certainly spoof the source port (get a copy of netcat (respex to hobbit) and have a play if you don't believe it). cheers, Adam -- Adam Laurie Tel: +44 (181) 742 0755 A.L. Digital Ltd. Fax: +44 (181) 742 5995 Voysey House Barley Mow Passage http://www.aldigital.co.uk London W4 4GB mailto:adam@algroup.co.uk UNITED KINGDOM PGP key on keyservers To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?384ED7F4.61804910>