Gentoo Archives: gentoo-security

From: Matan Peled <chaosite@×××××.com>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] [OT?] automatically firewalling off IPs
Date: Thu, 06 Oct 2005 10:25:24
In Reply to: Re: [gentoo-security] [OT?] automatically firewalling off IPs by William Kenworthy
Hash: SHA1

William Kenworthy wrote:
> Can anyone comment whether IP spoofing (for hiding country of origin) is > common? Seems quite unlikely - at least at the current state of things. > Is it even possible to tell (at the firewall interface?) > > BillK
I think that for hiding country of origin by IP spoofing is quite useless, at least on the Internet (It might work on a single subnet, or if you pretend to be another IP in your subnet, and then switches complicate it as well...) AFAIK, you can't actually connect to a server with a spoofed IP, since the server will send the reply packets to the spoofed IP, which will either drop them or tell the server it doesn't want them. Spoofed IPs are only good if you want to flood a server with them and not have the admin know where they came from (not easily, anyway). However, firewalls that automatically blacklist IPs that do weird things can be exploited. Lets say you have connection rate limiting on your SSH port. I can send your firewall spoofed packets that contain your IP, have it rate limit my spoofed packets. And then you can't connect. Not good... Anyway, about hiding country of origin - its usually done using proxies. There are many open proxies out there... - -- [Name ] :: [Matan I. Peled ] [Location ] :: [Israel ] [Public Key] :: [0xD6F42CA5 ] [Keyserver ] :: [] encrypted/signed plain text preferred -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFDRPpJA7Qvptb0LKURAsdQAKCDM4797OODEaG4oZrh6ngY4MqU9wCfTJ/r pgkv/3N54kfgGt7HqXvki7E= =m21U -----END PGP SIGNATURE----- -- gentoo-security@g.o mailing list


Subject Author
Re: [gentoo-security] [OT?] automatically firewalling off IPs Kirk Hoganson <kirk2@×××××××××.com>
Re: [gentoo-security] [OT?] automatically firewalling off IPs William Kenworthy <billk@×××××××××.au>