Date: Sun, 28 Jan 2001 12:43:08 -0800 (PST) From: Thomas Cannon <root@noops.org> To: freebsd-security@FreeBSD.ORG Subject: Re: (no subject) Message-ID: <Pine.BSF.4.21.0101281236060.17557-100000@sonar.noops.org> In-Reply-To: <Pine.BSF.4.10.10101281016410.772-100000@bsdie.rwsystems.net>
next in thread | previous in thread | raw e-mail | index | archive | help
> On Sun, 28 Jan 2001, Chris wrote: > > > Another thing to point out though is if a hacker were to spoof his IP address > > > and do a port scan, what would be the point? The data is useless if it can't > > > get back to the individual. > > > > One word, DoS. Well, two words... one of which is DoS. Another, which I find fun, and also doesn't matter if your ISP does egress filtering is to make a scan look like it came from your whole subnet. I'm sure that even if my DSL provider was making sure all the leaving traffic came from it's network it would still be tough to catch. Or, and this is rare these days, is if you are on an unswitched subnet or could somehow view traffic in flight you can always make the scan look like it came from the guy next door and just sniff the replies as them come back. I know my DSL is unfiltered on it's way out, so if I'm doing an audit from home for any reason I always mix in 127.0.0.1 as a decoy -- just in case it hits something amusingly misconfigured, like a portsentry-type package with a glaring misconfiguration. -tcannon To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0101281236060.17557-100000>