| 1 |
The intent wasn't to be 100% secure. It was to really slow down the script |
| 2 |
kiddies that where clogging my server logs. |
| 3 |
|
| 4 |
As for IP spoofing. Spoofing an IP packet source address is really easy, |
| 5 |
which is why blocking DDoS attacks can be difficult. However, if you want to |
| 6 |
have an actual two-way conversation with a computer you have to find a third |
| 7 |
host that supports loose source routing (any older windoze box will do). |
| 8 |
Most infrastructure routers on the net drop/block packets with source route |
| 9 |
options so spoofing the source IP of a TCP conversation is not generally |
| 10 |
practical over the internet. |
| 11 |
|
| 12 |
-Tad |
| 13 |
|
| 14 |
> -----Original Message----- |
| 15 |
> From: Matan Peled [mailto:chaosite@×××××.com] |
| 16 |
> Sent: Thursday, October 06, 2005 1:14 AM |
| 17 |
> To: gentoo-security@l.g.o |
| 18 |
> Subject: Re: [gentoo-security] [OT?] automatically firewalling off IPs |
| 19 |
> |
| 20 |
> -----BEGIN PGP SIGNED MESSAGE----- |
| 21 |
> Hash: SHA1 |
| 22 |
> |
| 23 |
> Tad Glines wrote: |
| 24 |
> > These rules only block out the offending IP. All others remain un- |
| 25 |
> blocked. |
| 26 |
> |
| 27 |
> IP spoofing. It isn't that far fetched, really... |
| 28 |
> |
| 29 |
> |
| 30 |
> - -- |
| 31 |
> [Name ] :: [Matan I. Peled ] |
| 32 |
> [Location ] :: [Israel ] |
| 33 |
> [Public Key] :: [0xD6F42CA5 ] |
| 34 |
> [Keyserver ] :: [keyserver.kjsl.com] |
| 35 |
> encrypted/signed plain text preferred |
| 36 |
> |
| 37 |
> -----BEGIN PGP SIGNATURE----- |
| 38 |
> Version: GnuPG v1.4.1 (GNU/Linux) |
| 39 |
> |
| 40 |
> iD8DBQFDRNy9A7Qvptb0LKURAhauAJ9eAx9RhXOGfWz2h6BX122ULW1JGgCfTEyT |
| 41 |
> v+4I9OQxcEWAuuqYenD+ejk= |
| 42 |
> =PQtc |
| 43 |
> -----END PGP SIGNATURE----- |
| 44 |
> -- |
| 45 |
> gentoo-security@g.o mailing list |
| 46 |
|
| 47 |
|
| 48 |
-- |
| 49 |
gentoo-security@g.o mailing list |
Archives