The intent wasn't to be 100% secure. It was to really slow down the script
kiddies that were clogging my server logs.

As for IP spoofing. Spoofing an IP packet source address is really easy,
which is why blocking DDoS attacks can be difficult. However, if you want to
have an actual two-way conversation with a computer you have to find a third
host that supports loose source routing (any older windoze box will do).
Most infrastructure routers on the net drop/block packets with source route
options so spoofing the source IP of a TCP conversation is not generally
practical over the internet.

-Tad

> -----Original Message-----
> From: Matan Peled [mailto:chaosite@×××××.com]
> Sent: Thursday, October 06, 2005 1:14 AM
> To: gentoo-security@l.g.o
> Subject: Re: [gentoo-security] [OT?] automatically firewalling off IPs
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Tad Glines wrote:
> > These rules only block out the offending IP. All others remain unblocked.
>
> IP spoofing. It isn't that far fetched, really...
>
>
> - --
> [Name ] :: [Matan I. Peled ]
> [Location ] :: [Israel ]
> [Public Key] :: [0xD6F42CA5 ]
> [Keyserver ] :: [keyserver.kjsl.com]
> encrypted/signed plain text preferred
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.1 (GNU/Linux)
>
> iD8DBQFDRNy9A7Qvptb0LKURAhauAJ9eAx9RhXOGfWz2h6BX122ULW1JGgCfTEyT
> v+4I9OQxcEWAuuqYenD+ejk=
> =PQtc
> -----END PGP SIGNATURE-----
> --
> gentoo-security@g.o mailing list


--
gentoo-security@g.o mailing list
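
The message above notes that most infrastructure routers drop packets carrying source route options. A sketch of that check, added here as an illustration and not code from the thread: it walks the options of a raw IPv4 header and flags loose (type 131) or strict (type 137) source routing. The function names and the sample packets, built with documentation addresses, are constructed for this example.

```python
import socket
import struct

# IPv4 option types (RFC 791): source routing, end-of-list, no-op.
LSRR, SSRR = 131, 137
EOL, NOP = 0, 1

def source_route_verdict(packet: bytes) -> str:
    """Return 'pass', 'drop-lsrr', 'drop-ssrr' or 'drop-malformed'."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "drop-malformed"
    header_len = (packet[0] & 0x0F) * 4          # IHL is in 32-bit words
    if header_len < 20 or header_len > len(packet):
        return "drop-malformed"
    options = packet[20:header_len]
    i = 0
    while i < len(options):
        opt_type = options[i]
        if opt_type == EOL:                      # nothing after end-of-list
            break
        if opt_type == NOP:                      # single-byte padding option
            i += 1
            continue
        # Every other option is type, length, data; length covers all three.
        opt_len = options[i + 1] if i + 1 < len(options) else 0
        if opt_len < 2 or i + opt_len > len(options):
            return "drop-malformed"
        if opt_type == LSRR:
            return "drop-lsrr"
        if opt_type == SSRR:
            return "drop-ssrr"
        i += opt_len
    return "pass"

def build_header(src: str, dst: str, options: bytes = b"") -> bytes:
    """Build a constructed IPv4 header (checksum left at 0) for the samples."""
    options += b"\x00" * (-len(options) % 4)     # pad to a 32-bit boundary
    ihl = (20 + len(options)) // 4
    return struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, 20 + len(options),
                       0, 0, 64, socket.IPPROTO_TCP, 0,
                       socket.inet_aton(src), socket.inet_aton(dst)) + options

# Constructed samples (RFC 5737 documentation addresses).
HOP = socket.inet_aton("203.0.113.1")
PLAIN = build_header("192.0.2.10", "198.51.100.5")
LOOSE = build_header("192.0.2.10", "198.51.100.5", bytes([NOP, LSRR, 7, 4]) + HOP)
STRICT = build_header("192.0.2.10", "198.51.100.5", bytes([SSRR, 7, 4]) + HOP)
TRUNCATED = build_header("192.0.2.10", "198.51.100.5", bytes([LSRR, 40, 4, 0]))
```

On a Linux host the equivalent behaviour is controlled by the `net.ipv4.conf.*.accept_source_route` sysctl.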