I agree, it would be an obvious spoof to the gateway, but I think when
packets are being routed, devices are only concerning themselves with
how to get the packet to the destination. I'm more concerned with
fooling the would-be attacker. I could even go so far as trying to
determine what brand/model my gateway is, so that way my 'spoofed'
replies could match its fingerprinting characteristics (TTL, DF, MSS,
MTU, etc.) Of course, this is all useless if I am providing any
services to the Internet. But if I'm not, would it reduce the number of
attacks if they can't see me?

-----Original Message-----
From: Frank Gruellich [mailto:frank@××××××××××××.org]
Sent: Friday, January 09, 2004 3:05 AM
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] firewall suggestions?

* Bob Crain <robert.crain@×××××××.net> 8. Jan 04
> I've got DSL, and I know the IP of my gateway. When I want to appear
> invisible, I respond to unwanted packets with a 'REJECT - ICMP host
> unreachable' that has a spoofed source address of my gateway? That way,
> it looks like the gateway responded and I don't exist!
>
> Whadduya think?

Nice idea, but the packet has to traverse the gateway, too... a gateway
that forwards a packet with itself as origin? This would be a very
obvious spoof.

Regards, Frank.
--
Sigmentation fault

--
gentoo-security@g.o mailing list
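To make Frank's objection concrete, here is an added example that is not code from this thread, from Gentoo, or from the Linux kernel: a small model of the reverse-path anti-spoofing check a gateway can apply before forwarding, in the spirit of Linux's rp_filter sysctl. The topology, addresses and interface names are constructed for the demo; the point it shows is that a spoofed ICMP reject carrying the gateway's own address can only ever arrive on the gateway's LAN side, which is exactly where such a check rejects it.

```python
# Added example (not code from the gentoo-security thread, and not Gentoo's or
# the Linux kernel's code): a simplified model of the reverse-path anti-spoofing
# check a gateway can apply on ingress, in the spirit of Linux's rp_filter.
# The addresses and interface names below are constructed for the demo.
import ipaddress
from dataclasses import dataclass

# Constructed topology: one WAN interface, one LAN interface.
GATEWAY_WAN_IP = ipaddress.ip_address("203.0.113.1")   # documentation range, constructed
GATEWAY_LAN_IP = ipaddress.ip_address("192.168.1.1")   # constructed
LAN_NET = ipaddress.ip_network("192.168.1.0/24")       # constructed
ROUTES = {"lan": LAN_NET}   # anything not matched here goes out the WAN (default route)


@dataclass(frozen=True)
class Packet:
    ingress_if: str   # "lan" or "wan": the interface the gateway received it on
    src: str
    dst: str
    proto: str        # "icmp", "tcp", ...


def reverse_path(src: str) -> str:
    """Which interface would the gateway itself use to reach `src`?
    Returns 'local' when the address belongs to the gateway."""
    ip = ipaddress.ip_address(src)
    if ip in (GATEWAY_WAN_IP, GATEWAY_LAN_IP):
        return "local"
    for ifname, net in ROUTES.items():
        if ip in net:
            return ifname
    return "wan"


def classify(pkt: Packet) -> str:
    """Return 'forward' or a 'drop: ...' verdict for a packet offered for forwarding."""
    expected = reverse_path(pkt.src)
    if expected == "local":
        # A packet claiming the gateway's own address cannot legitimately arrive on
        # any interface; this is the case discussed in the thread (a spoofed reject).
        return f"drop: source {pkt.src} is the gateway's own address"
    if expected != pkt.ingress_if:
        # Strict reverse-path check: the source must be reachable via the ingress interface.
        return f"drop: {pkt.src} should arrive via {expected}, not {pkt.ingress_if}"
    return "forward"


def filter_batch(packets):
    """Apply classify() to a sequence of packets; returns (packet, verdict) pairs."""
    return [(p, classify(p)) for p in packets]


# Constructed sample traffic.
SAMPLE = [
    # a LAN host's normal outbound connection
    Packet("lan", "192.168.1.20", "198.51.100.7", "tcp"),
    # the thread's idea: a LAN host emits an ICMP host-unreachable with the gateway's address
    Packet("lan", "203.0.113.1", "198.51.100.7", "icmp"),
    # an Internet host claiming a LAN address (classic inbound spoof)
    Packet("wan", "192.168.1.20", "192.168.1.30", "tcp"),
    # a legitimate inbound reply to the LAN host
    Packet("wan", "198.51.100.7", "192.168.1.20", "tcp"),
]

if __name__ == "__main__":
    for pkt, verdict in filter_batch(SAMPLE):
        print(f"{pkt.ingress_if:>3} {pkt.src:>14} -> {pkt.dst:<14} {pkt.proto:<4} {verdict}")
```

Run as a script it prints one verdict per sample packet; only the two legitimate flows are forwarded. Even a gateway without such a check would not hide the trick well: a reject originated behind the gateway and then forwarded arrives at the outside observer with a TTL one lower than packets the gateway itself originates, which is the fingerprinting mismatch the reply above is trying to paper over.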