1 |
Matan Peled said the following: |
2 |
> -----BEGIN PGP SIGNED MESSAGE----- |
3 |
> Hash: SHA1 |
4 |
> |
5 |
> William Kenworthy wrote: |
6 |
> |
7 |
>>Can anyone comment whether IP spoofing (for hiding country of origin) is |
8 |
>>common? Seems quite unlikely - at least at the current state of things. |
9 |
>>Is it even possible to tell (at the firewall interface?) |
10 |
>> |
11 |
>>BillK |
12 |
> |
13 |
> |
14 |
> I think that for hiding country of origin by IP spoofing is quite useless, at |
15 |
> least on the Internet (It might work on a single subnet, or if you pretend to be |
16 |
> another IP in your subnet, and then switches complicate it as well...) |
17 |
> |
18 |
|
19 |
I think it depends on your purpose. It is easy to get around, but |
20 |
blocking whole ranges based on country could help cut down on the |
21 |
vulerability scans that can be so annoying. Our country does no |
22 |
business with China, yet various subnets are frequently scanned from |
23 |
addresses originating there. Blocking those ranges would cause most of |
24 |
them to move on. It is likely that you already block whole invalid |
25 |
subnets in your firewall rules anyway. |
26 |
-- |
27 |
gentoo-security@g.o mailing list |