[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sheflug] Re: Security : Port scanning



On Thu, 8 May 2003 12:20:30 +0100 (BST)
"Chris J" <cej [at] nightwolf.org.uk> wrote:

> 
> And Lo! Tthe Great Prophet " M" uttered these words of wisdom...
> > Richard Ibbotson <richard [at] sheflug.co.uk> wrote:
> >
> >>
> >> Lot of scanning going on from spoofed and falsified addresses.
> >
> > Spoofing an adress for port scanning isn't likely to be of much
> > use as you can't see the results coming back or am I missing
> > something?
> 
> Well, it is possible to put source routing in an IP header, so a
> spoofed packet can get back if there's a route it can follow. I don't
> know how many routers drop source routed packets these days --
> certainly border gateways and bastions /should/ drop source routed
> packets, as their origin is unknown and could be hostile.

I understand most routers on the internet are configured to ignore
source routed information, they route according to the destination
address only.

> Spoofing is much better for DOS and DDOS attacks. You don't care about
> the return packets, and if anything spoofing an IP address can help
> the DOS as the target's machine, or the immediate downstream router
> may end up generating ICMP packets saying "host/protocol/route
> unrechable", giving the attacker 2 network packets for the price of 1.

Agreed, such as smurf attacks..

-- 
Regards,
M

Martin Sillence
PR Newswire

DL +44 (0)1865 78 5065
F  +44 (0)1865 78 5100
W  www.prnewswire.co.uk
---------------------------------------

"We tell your story to the world." 

NEWS TARGETING * REGULATORY & GLOBAL NEWS DISTRIBUTION * MULTIMEDIA *
NEWS MONITORING

Any views or opinions are solely those of the author and do not
necessarily represent those of PR Newswire Europe. The e-mail contents
are intended only for addressee and may contain confidential and/or
privileged material. If you are not the intended recipient, please do
not read, copy, use or disclose this communication
___________________________________________________________________

Sheffield Linux User's Group -
http://www.sheflug.co.uk/mailfaq.html

  GNU the choice of a complete generation.