| 1 |
I agree, it would be an obvious spoof to the gateway, but I think when |
| 2 |
packets are being routed, devices are only concerning themselves with |
| 3 |
how to get the packet to the destination. I'm more concerned with |
| 4 |
fooling the would-be attacker. I could even go so far as trying to |
| 5 |
determine what brand/model my gateway is, so that way my 'spoofed' |
| 6 |
replies could match it's fingerprinting characteristics (TTL, DF, MSS, |
| 7 |
MTU, etc.) Of course, this is all useless if I am providing any |
| 8 |
services to the Internet. But if I'm not, would it reduce the number of |
| 9 |
attacks if they can't see me? |
| 10 |
|
| 11 |
-----Original Message----- |
| 12 |
From: Frank Gruellich [mailto:frank@××××××××××××.org] |
| 13 |
Sent: Friday, January 09, 2004 3:05 AM |
| 14 |
To: gentoo-security@l.g.o |
| 15 |
Subject: Re: [gentoo-security] firewall suggestions? |
| 16 |
|
| 17 |
* Bob Crain <robert.crain@×××××××.net> 8. Jan 04 |
| 18 |
> I've got DSL, and I know the IP of my gateway. When I want to appear |
| 19 |
> invisible, I respond to unwanted packets with a 'REJECT - ICMP host |
| 20 |
> unreachable' that has a spoofed source address of my gateway? That |
| 21 |
way, |
| 22 |
> it looks like the gateway responded and I don't exist! |
| 23 |
> |
| 24 |
> Whadduya think? |
| 25 |
|
| 26 |
Nice idea, but the packet has to traverse the gateway, too... a gateway |
| 27 |
that forwards a paket with itself as origin? This would be a very |
| 28 |
obvious spoof. |
| 29 |
|
| 30 |
Regards, Frank. |
| 31 |
-- |
| 32 |
Sigmentation fault |
| 33 |
|
| 34 |
-- |
| 35 |
gentoo-security@g.o mailing list |
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
-- |
| 41 |
gentoo-security@g.o mailing list |
Archives