Date: Sun, 28 Jan 2001 02:30:05 -0800
From: Kris Kennaway <kris@obsecurity.org>
To: FBSDSecure@aol.com
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: (no subject)
Message-ID: <20010128023005.A19353@xor.obsecurity.org>
In-Reply-To: <b2.10786063.27a54c9f@aol.com>; from FBSDSecure@aol.com on Sun, Jan 28, 2001 at 05:21:19AM -0500
References: <b2.10786063.27a54c9f@aol.com>
On Sun, Jan 28, 2001 at 05:21:19AM -0500, FBSDSecure@aol.com wrote:
> addresses are valid and which are not. So spoofing an IP address is pretty
> close to impossible from a Dialup, xDSL, or cable modem. Another thing to

Wrong. If this were true, packet-flooding based denial of service attacks would be almost impossible since they would be easily blocked and traced. The sad fact of the matter is that the majority of networks on the internet today, including ISPs, do not implement egress filtering.

> point out though is if a hacker were to spoof his IP address and do a port
> scan, what would be the point? The data is useless if it can't get back to
> the individual. Besides, the portsentry package has an ignore file.

You miss the point: the attacker won't get any information back out of it, but if you have a fascist response to port scans which blackholes all traffic coming from the IP address of the port scan, the attacker can spoof the packets to come from a server which is critical to the operation of your machine, such as your ISP's DNS servers or mail servers, which will cause your machine to blackhole them and thereby shoot itself in the foot. At a lower level of annoyance, you can blackhole popular websites like google which the user might use.

The point is that automated active response is almost always a bad idea, because it can be fooled into doing more harm than good.
Kris
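Kris's warning above, as an added example that is not part of the thread: a naive reflex that blackholes every scanner, beside a guarded version that never auto-blocks an address the host depends on and defers it for review instead. The protected set and the alert table are constructed sample values (RFC 5737 documentation ranges), assumptions not taken from the message.

```python
"""Guarding an automated port-scan response against spoofed sources.

Added illustration, not from the thread: a reflex that blackholes every
scanner can be tricked into blackholing the host's own resolver or mail
relay, because the scan's source address can be forged.
"""
import ipaddress

# Constructed sample values (RFC 5737 documentation ranges). In a real
# deployment these would come from resolv.conf, the MTA config, etc.
PROTECTED = {
    "dns_resolver": "192.0.2.53",
    "mail_relay": "192.0.2.25",
    "isp_lan": "198.51.100.0/24",
}

# Constructed scan alerts: source -> number of distinct ports probed.
# The "resolver" entry is what a spoofing attacker would manufacture.
ALERTS = {
    "203.0.113.7": 40,     # a plausible real scanner
    "192.0.2.53": 35,      # forged to look like our DNS resolver
    "198.51.100.9": 12,    # forged to look like an upstream host
}

def naive_policy(alerts):
    """Portsentry-style reflex: blackhole every scanning address."""
    return {src for src, ports in alerts.items() if ports >= 10}

def protected_networks(protected=PROTECTED):
    """Expand the protected set into networks (hosts become /32)."""
    return {name: ipaddress.ip_network(cidr, strict=False)
            for name, cidr in protected.items()}

def guarded_policy(alerts, protected=PROTECTED):
    """Block only sources outside the dependency set; defer the rest.

    Deferred entries map src -> reason for a human to look at.
    """
    nets = protected_networks(protected)
    blocked, deferred = set(), {}
    for src, ports in alerts.items():
        if ports < 10:
            continue
        ip = ipaddress.ip_address(src)
        hit = next((name for name, net in nets.items() if ip in net), None)
        if hit:
            deferred[src] = f"in protected set '{hit}'; possible spoof"
        else:
            blocked.add(src)
    return blocked, deferred
```

Run against ALERTS, the naive policy blackholes the resolver address; the guarded one blocks only the outside scanner and hands the two protected hits to a human.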