Gentoo Archives: gentoo-security

From: Kirk Hoganson <kirk2@×××××××××.com>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] [OT?] automatically firewalling off IPs
Date: Thu, 06 Oct 2005 20:58:30
Message-Id: 434590E3.5080306@lenderlab.com
In Reply to: Re: [gentoo-security] [OT?] automatically firewalling off IPs by Matan Peled
Matan Peled said the following:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> William Kenworthy wrote:
>
>>Can anyone comment whether IP spoofing (for hiding country of origin) is
>>common? Seems quite unlikely - at least at the current state of things.
>>Is it even possible to tell (at the firewall interface?)
>>
>>BillK
>
>
> I think that hiding country of origin by IP spoofing is quite useless, at
> least on the Internet (It might work on a single subnet, or if you pretend to be
> another IP in your subnet, and then switches complicate it as well...)
>
I think it depends on your purpose. It is easy to get around, but blocking whole ranges based on country could help cut down on the vulnerability scans that can be so annoying. Our country does no business with China, yet various subnets are frequently scanned from addresses originating there. Blocking those ranges would cause most of them to move on. It is likely that you already block whole invalid subnets in your firewall rules anyway.
--
gentoo-security@g.o mailing list

Replies

Subject Author
Re: [gentoo-security] [OT?] automatically firewalling off IPs Brian Micek <bmicek@×××××××××.net>