Gentoo Archives: gentoo-security

From: Bob Crain <robert.crain@×××××××.net>
To: gentoo-security@l.g.o
Subject: RE: [gentoo-security] firewall suggestions?
Date: Fri, 09 Jan 2004 09:17:09
Message-Id: 000001c3d691$0fa06e00$0b00a8c0@crichton
In Reply to: Re: [gentoo-security] firewall suggestions? by Frank Gruellich
I agree, it would be an obvious spoof to the gateway, but I think when
packets are being routed, devices are only concerning themselves with
how to get the packet to the destination.  I'm more concerned with
fooling the would-be attacker.  I could even go so far as trying to
determine what brand/model my gateway is, so that way my 'spoofed'
replies could match its fingerprinting characteristics (TTL, DF, MSS,
MTU, etc.)  Of course, this is all useless if I am providing any
services to the Internet.  But if I'm not, would it reduce the number of
attacks if they can't see me?

-----Original Message-----
From: Frank Gruellich [mailto:frank@××××××××××××.org] 
Sent: Friday, January 09, 2004 3:05 AM
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] firewall suggestions?

* Bob Crain <robert.crain@×××××××.net>  8. Jan 04
> I've got DSL, and I know the IP of my gateway. When I want to appear
> invisible, I respond to unwanted packets with a 'REJECT - ICMP host
> unreachable' that has a spoofed source address of my gateway? That
> it looks like the gateway responded and I don't exist!
>
> Whadduya think?
Nice idea, but the packet has to traverse the gateway, too... a gateway that forwards a packet with itself as origin? This would be a very obvious spoof.

Regards, Frank.
-- 
Sigmentation fault

--
gentoo-security@g.o mailing list
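Frank's objection is, in effect, the anti-spoofing ingress check a gateway should apply before forwarding anything. The model below is an added example, not code from either poster or from any real gateway; the addresses, interface names and the Packet type are constructed for the illustration. It shows why a reply carrying the gateway's own address as source is dropped at the gateway instead of reaching the outside host.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample topology (not from the thread):
LAN = ipaddress.ip_network("192.168.0.0/24")            # inside network
GATEWAY_LAN_IP = ipaddress.ip_address("192.168.0.1")    # gateway's inside address
GATEWAY_WAN_IP = ipaddress.ip_address("203.0.113.10")   # gateway's outside address (TEST-NET-3)
OWN_ADDRESSES = {GATEWAY_LAN_IP, GATEWAY_WAN_IP}


@dataclass
class Packet:
    src: str
    dst: str
    in_iface: str  # interface the packet arrived on: "lan" or "wan"


def forward_decision(pkt: Packet) -> str:
    """Decide what the gateway does with a packet it is asked to forward.

    Returns "forward" or a "drop: <reason>" string. This mirrors the
    reasoning in the reply above: a forwarded packet may never claim the
    gateway itself as its origin, and a packet's source must be plausible
    for the interface it arrived on (a reverse-path style check).
    """
    src = ipaddress.ip_address(pkt.src)
    # 1. The gateway never forwards traffic that claims to come from itself;
    #    only locally generated packets may carry its own addresses.
    if src in OWN_ADDRESSES:
        return "drop: source is the gateway's own address"
    # 2. Anything entering from the LAN side must carry a LAN source.
    if pkt.in_iface == "lan" and src not in LAN:
        return "drop: LAN-side packet with non-LAN source"
    # 3. Anything entering from the WAN side must not carry a LAN source.
    if pkt.in_iface == "wan" and src in LAN:
        return "drop: WAN-side packet with LAN source"
    return "forward"
```

The spoofed "host unreachable" from the thread would arrive on the LAN interface with the gateway's WAN address as source and be stopped by rule 1 (and rule 2), which is what makes it "a very obvious spoof".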