Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-security

From: Matan Peled <chaosite@×××××.com>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] [OT?] automatically firewalling off IPs
Date: Thu, 06 Oct 2005 10:25:24
Message-Id: 4344FA49.8050604@gmail.com
In Reply to: Re: [gentoo-security] [OT?] automatically firewalling off IPs by William Kenworthy
1 -----BEGIN PGP SIGNED MESSAGE-----
2 Hash: SHA1
3
4 William Kenworthy wrote:
5 > Can anyone comment whether IP spoofing (for hiding country of origin) is
6 > common? Seems quite unlikely - at least at the current state of things.
7 > Is it even possible to tell (at the firewall interface?)
8 >
9 > BillK
10
11 I think that for hiding country of origin by IP spoofing is quite useless, at
12 least on the Internet (It might work on a single subnet, or if you pretend to be
13 another IP in your subnet, and then switches complicate it as well...)
14
15 AFAIK, you can't actually connect to a server with a spoofed IP, since the
16 server will send the reply packets to the spoofed IP, which will either drop
17 them or tell the server it doesn't want them.
18
19 Spoofed IPs are only good if you want to flood a server with them and not have
20 the admin know where they came from (not easily, anyway).
21
22 However, firewalls that automatically blacklist IPs that do weird things can be
23 exploited. Lets say you have connection rate limiting on your SSH port. I can
24 send your firewall spoofed packets that contain your IP, have it rate limit my
25 spoofed packets.
26
27 And then you can't connect. Not good...
28
29 Anyway, about hiding country of origin - its usually done using proxies. There
30 are many open proxies out there...
31
32 - --
33 [Name ] :: [Matan I. Peled ]
34 [Location ] :: [Israel ]
35 [Public Key] :: [0xD6F42CA5 ]
36 [Keyserver ] :: [keyserver.kjsl.com]
37 encrypted/signed plain text preferred
38
39 -----BEGIN PGP SIGNATURE-----
40 Version: GnuPG v1.4.1 (GNU/Linux)
41
42 iD8DBQFDRPpJA7Qvptb0LKURAsdQAKCDM4797OODEaG4oZrh6ngY4MqU9wCfTJ/r
43 pgkv/3N54kfgGt7HqXvki7E=
44 =m21U
45 -----END PGP SIGNATURE-----
46 --
47 gentoo-security@g.o mailing list

Replies

Subject Author
Re: [gentoo-security] [OT?] automatically firewalling off IPs William Kenworthy <billk@×××××××××.au>
Re: [gentoo-security] [OT?] automatically firewalling off IPs Kirk Hoganson <kirk2@×××××××××.com>
Report Message
Find on MARC Find on Google Groups