Date: Tue, 30 Jan 2001 02:54:10 EST
From: FBSDSecure@aol.com
To: freebsd-security@freebsd.org
Subject: Re: (no subject)
Message-ID: <36.115ac9de.27a7cd22@aol.com>

In a message dated 1/28/01 2:29:59 AM Pacific Standard Time,
kris@obsecurity.org writes:

> > addresses are valid and which are not. So spoofing an IP address is pretty
> > close to impossible from a Dialup, xDSL, or cable modem. Another thing to
>
> Wrong. If this were true, packet-flooding based denial of service
> attacks would be almost impossible since they would be easily blocked
> and traced. The sad fact of the matter is that the majority of
> networks on the internet today, including ISPs, do not implement egress
> filtering.
>
> > point out though is if a hacker were to spoof his IP address and do a port
> > scan, what would be the point? The data is useless if it can't get back to
> > the individual. Besides, the portsentry package has an ignore file.
>
> You miss the point: the attacker won't get any information back out of
> it, but if you have a fascist response to port scans which blackholes
> all traffic coming from the IP address of the port scan, the attacker
> can spoof the packets to come from a server which is critical to the
> operation of your machine, such as your ISP's DNS servers, or mail
> servers, which will cause your machine to blackhole them and thereby
> shoot itself in the foot. At a lower level of annoyance, you can
> blackhole popular websites like google which the user might use.
>
> The point is that automated active response is almost always a bad
> idea, because it can be fooled into doing more harm than good.
>
> Kris

Then why don't the ISPs use egress filtering? To me it would stop a lot of
the junk that is going on in the internet. Like I said, all critical IPs are
placed in the ignore file. The DNS and email servers I did not consider, but
they will be added. Thanks for the tip.

Dan.
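
The failure mode discussed in this message, as an added example that is not part of the original e-mail and is not portsentry code: a responder that blackholes every apparent scanner is compared with one that consults an ignore list and only blocks sources whose address was confirmed by a completed TCP handshake. The addresses (documentation ranges), the threshold, the event format and the handshake flag are all assumptions made for the illustration.

```python
import ipaddress

# Constructed ignore list: documentation ranges standing in for the
# ISP's DNS and mail servers and the local network (all hypothetical).
IGNORE = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8",
    "192.0.2.53/32",    # hypothetical ISP resolver
    "192.0.2.25/32",    # hypothetical ISP mail relay
    "198.51.100.0/24",  # hypothetical local LAN
)]

# Constructed detector events: (source, distinct ports probed, handshake completed?)
EVENTS = [
    ("203.0.113.7", 40, True),    # real scanner, address confirmed
    ("192.0.2.53", 60, False),    # "scan" claiming to come from the resolver
    ("203.0.113.99", 55, False),  # unconfirmed source, possibly forged
    ("203.0.113.8", 3, True),     # ordinary client, below threshold
]

SCAN_THRESHOLD = 20  # assumed: distinct ports before a source counts as scanning


def naive_response(events):
    """Blackhole every source that crosses the threshold (the risky policy)."""
    return [src for src, ports, _ in events if ports >= SCAN_THRESHOLD]


def decide(src, ports, handshake_done):
    """Return 'none', 'log' or 'block' for one detector event."""
    if ports < SCAN_THRESHOLD:
        return "none"
    addr = ipaddress.ip_address(src)
    if any(addr in net for net in IGNORE):
        return "log"   # critical host: never block, leave it to a human
    if not handshake_done:
        return "log"   # source address unverified, so it may be forged
    return "block"


def guarded_response(events):
    """Map each source to the action the guarded policy takes."""
    return {src: decide(src, ports, hs) for src, ports, hs in events}


if __name__ == "__main__":
    print("naive blocks:", naive_response(EVENTS))
    for src, action in guarded_response(EVENTS).items():
        print(f"{src:15} {action}")
```

The naive policy blackholes the resolver address as soon as a forged scan names it; the guarded policy only logs it, and blocks only the one source whose address was confirmed.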