Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-security@g.o
From: Matan Peled <chaosite@...>
Subject: Re: [OT?] automatically firewalling off IPs
Date: Thu, 06 Oct 2005 13:19:53 +0300
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

William Kenworthy wrote:
> Can anyone comment whether IP spoofing (for hiding country of origin) is
> common?  Seems quite unlikely - at least at the current state of things.
> Is it even possible to tell (at the firewall interface?)
> 
> BillK

I think that for hiding country of origin by IP spoofing is quite useless, at
least on the Internet (It might work on a single subnet, or if you pretend to be
another IP in your subnet, and then switches complicate it as well...)

AFAIK, you can't actually connect to a server with a spoofed IP, since the
server will send the reply packets to the spoofed IP, which will either drop
them or tell the server it doesn't want them.

Spoofed IPs are only good if you want to flood a server with them and not have
the admin know where they came from (not easily, anyway).

However, firewalls that automatically blacklist IPs that do weird things can be
exploited. Lets say you have connection rate limiting on your SSH port. I can
send your firewall spoofed packets that contain your IP, have it rate limit my
spoofed packets.

And then you can't connect. Not good...

Anyway, about hiding country of origin - its usually done using proxies. There
are many open proxies out there...

- --
[Name      ]   ::  [Matan I. Peled    ]
[Location  ]   ::  [Israel            ]
[Public Key]   ::  [0xD6F42CA5        ]
[Keyserver ]   ::  [keyserver.kjsl.com]
encrypted/signed  plain text  preferred

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDRPpJA7Qvptb0LKURAsdQAKCDM4797OODEaG4oZrh6ngY4MqU9wCfTJ/r
pgkv/3N54kfgGt7HqXvki7E=
=m21U
-----END PGP SIGNATURE-----
-- 
gentoo-security@g.o mailing list


Replies:
Re: [OT?] automatically firewalling off IPs
-- Kirk Hoganson
Re: [OT?] automatically firewalling off IPs
-- William Kenworthy
References:
RE: [OT?] automatically firewalling off IPs
-- Tad Glines
Re: [OT?] automatically firewalling off IPs
-- Matan Peled
Re: [OT?] automatically firewalling off IPs
-- William Kenworthy
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: [OT?] automatically firewalling off IPs
Next by thread:
Re: [OT?] automatically firewalling off IPs
Previous by date:
Re: [OT?] automatically firewalling off IPs
Next by date:
Re: [OT?] automatically firewalling off IPs


Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.