List Archive: gentoo-security
Note: Due to technical difficulties, the Archives are currently not up to date.
provides an alternative service for most mailing lists.c.f. bug 424647
The intent wasn't to be 100% secure. It was to really slow down the script
kiddies that where clogging my server logs.
As for IP spoofing. Spoofing an IP packet source address is really easy,
which is why blocking DDoS attacks can be difficult. However, if you want to
have an actual two-way conversation with a computer you have to find a third
host that supports loose source routing (any older windoze box will do).
Most infrastructure routers on the net drop/block packets with source route
options so spoofing the source IP of a TCP conversation is not generally
practical over the internet.
> -----Original Message-----
> From: Matan Peled [mailto:chaosite@...]
> Sent: Thursday, October 06, 2005 1:14 AM
> To: email@example.com
> Subject: Re: [gentoo-security] [OT?] automatically firewalling off IPs
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> Tad Glines wrote:
> > These rules only block out the offending IP. All others remain un-
> IP spoofing. It isn't that far fetched, really...
> - --
> [Name ] :: [Matan I. Peled ]
> [Location ] :: [Israel ]
> [Public Key] :: [0xD6F42CA5 ]
> [Keyserver ] :: [keyserver.kjsl.com]
> encrypted/signed plain text preferred
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.1 (GNU/Linux)
> -----END PGP SIGNATURE-----
> firstname.lastname@example.org mailing list
email@example.com mailing list