Date: Thu, 11 Jan 1996 07:56:07 +0800 (WST)
From: Adrian Chadd <adrian@obiwan.aceonline.com.au>
To: Chad Scott <chad@txdirect.net>
Cc: freebsd-questions@freebsd.org
Subject: RE: Spoofed IPs
Message-ID: <Pine.BSF.3.95q.960111075201.7558B-100000@obiwan.aceonline.com.au>
In-Reply-To: <01BC2449.A09FC8D0@enterprise.hippie.net>

> Normal IP spoofing. I understand the ident stuff :)
>
> This is ircd2.8.2+CSr25... I've experimented with porting the Undernet random ping thing, but that code doesn't translate very well, and I always end up coring.
>
> Any ideas?
>

Ok. People might be playing with source-routed packets (lots of IP spoof attacks on stuff like rsh, rlogin, etc, that rely on an IP for authentication of a machine), from what I remember that could be a way to do it. Do a sysctl net.inet.ip.sourceroute, it should equal 0 (from memory FreeBSD defaults to that, and all my 2.1.x and 2.2 machines do).

Another way that I've done before is sending the machine a spoofed DNS packet just after the connection is requested, sending incorrect reverse-dns data to the machine running the ircd. Is the machine that isn't susceptible running a nameserver?

Also - try asking the guys who wrote the undernet server source and anti-IP spoofing protection, they might have a thing or two to say :)

Anyone else have any ideas?

Adrian. <adrian@psinet.net.au>
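
Added example, not part of the original message and not code from ircd or Undernet: a forward-confirmed reverse DNS check, one way a server can refuse to trust a reverse-DNS name like the forged one described above. The function names, the injectable lookup parameters and the sample records are assumptions made for illustration.

```python
import ipaddress
import socket


def _system_reverse(ip):
    """PTR lookup via the system resolver; returns a hostname or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None


def _system_forward(name):
    """A/AAAA lookup via the system resolver; returns a set of address strings."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()


def forward_confirmed_name(ip, reverse=_system_reverse, forward=_system_forward):
    """Return the PTR name only if it resolves back to `ip`, else None.

    A caller such as an IRC server would fall back to showing the raw
    IP address when this returns None.
    """
    peer = ipaddress.ip_address(ip)
    name = reverse(ip)
    if not name:
        return None
    name = name.rstrip(".").lower()
    for addr in forward(name):
        try:
            # Drop any IPv6 scope id ("%eth0") before comparing.
            if ipaddress.ip_address(addr.split("%")[0]) == peer:
                return name
        except ValueError:
            continue  # resolver returned something that is not an address
    return None


# Constructed sample data (documentation address ranges, made-up names).
PTR = {"192.0.2.10": "shell.example.net.", "198.51.100.7": "trusted.example.org"}
A = {"shell.example.net": {"192.0.2.10"}, "trusted.example.org": {"203.0.113.5"}}

if __name__ == "__main__":
    for ip in PTR:
        print(ip, "->", forward_confirmed_name(ip, PTR.get, lambda n: A.get(n, set())))
```

The check only rejects a forged PTR answer when the forward lookup is not forged as well, so it complements rather than replaces a resolver that is hard to spoof.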