[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sheflug] Re: Security : Port scanning

To: shef-lug [at] xxxxxxxxxxxxxxxxxxx
Subject: Re: [Sheflug] Re: Security : Port scanning
From: M <martin.sillence [at] xxxxxxxxxxxxxxxx>
Date: Thu, 8 May 2003 14:38:14 +0100
Delivered-to: shef-lug [at] list.sheflug.org.uk
List-help: <mailto:shef-lug-request [at] list.sheflug.org.uk?subject=help>
List-id: Sheflug <shef-lug.list.sheflug.org.uk>
List-post: <mailto:shef-lug [at] list.sheflug.org.uk>
List-subscribe: <http://community.uklinux.net/mailman/listinfo/shef-lug>,<mailto:shef-lug-request [at] list.sheflug.org.uk?subject=subscribe>
List-unsubscribe: <http://community.uklinux.net/mailman/listinfo/shef-lug>,<mailto:shef-lug-request [at] list.sheflug.org.uk?subject=unsubscribe>
Reply-to: shef-lug [at] xxxxxxxxxxxxxxxxxxx
Sender: shef-lug-admin [at] xxxxxxxxxxxxxxxxxxx

On Thu, 8 May 2003 12:20:30 +0100 (BST)
"Chris J" <cej [at] nightwolf.org.uk> wrote:

> 
> And Lo! Tthe Great Prophet " M" uttered these words of wisdom...
> > Richard Ibbotson <richard [at] sheflug.co.uk> wrote:
> >
> >>
> >> Lot of scanning going on from spoofed and falsified addresses.
> >
> > Spoofing an adress for port scanning isn't likely to be of much
> > use as you can't see the results coming back or am I missing
> > something?
> 
> Well, it is possible to put source routing in an IP header, so a
> spoofed packet can get back if there's a route it can follow. I don't
> know how many routers drop source routed packets these days --
> certainly border gateways and bastions /should/ drop source routed
> packets, as their origin is unknown and could be hostile.

I understand most routers on the internet are configured to ignore
source routed information, they route according to the destination
address only.

> Spoofing is much better for DOS and DDOS attacks. You don't care about
> the return packets, and if anything spoofing an IP address can help
> the DOS as the target's machine, or the immediate downstream router
> may end up generating ICMP packets saying "host/protocol/route
> unrechable", giving the attacker 2 network packets for the price of 1.

Agreed, such as smurf attacks..

-- 
Regards,
M

Martin Sillence
PR Newswire

DL +44 (0)1865 78 5065
F  +44 (0)1865 78 5100
W  www.prnewswire.co.uk
---------------------------------------

"We tell your story to the world." 

NEWS TARGETING * REGULATORY & GLOBAL NEWS DISTRIBUTION * MULTIMEDIA *
NEWS MONITORING

Any views or opinions are solely those of the author and do not
necessarily represent those of PR Newswire Europe. The e-mail contents
are intended only for addressee and may contain confidential and/or
privileged material. If you are not the intended recipient, please do
not read, copy, use or disclose this communication
___________________________________________________________________

Sheffield Linux User's Group -
http://www.sheflug.co.uk/mailfaq.html

  GNU the choice of a complete generation.

Follow-Ups:
- Re: [Sheflug] Re: Security : Port scanning
  - From: Chris J

References:
- RE: [Sheflug] Re: Security : Port scanning
  - From: Morris, David (Allvac, UK)
- Re: [Sheflug] Re: Security : Port scanning
  - From: M
- Re: [Sheflug] Re: Security : Port scanning
  - From: Chris J

Prev by Date: Re: [Sheflug] Antivirus
Next by Date: Re: [Sheflug] Re: Security : Port scanning
Previous by thread: Re: [Sheflug] Re: Security : Port scanning
Next by thread: Re: [Sheflug] Re: Security : Port scanning
Index(es):
- Date
- Thread