RE: [gentoo-security] [OT?] automatically firewalling off IPs

public inbox for gentoo-security@lists.gentoo.org
 help / color / mirror / Atom feed

From: "Tad Glines" <tad@glines.com>
To: <gentoo-security@lists.gentoo.org>
Subject: RE: [gentoo-security] [OT?] automatically firewalling off IPs
Date: Thu, 6 Oct 2005 19:37:31 -0700	[thread overview]
Message-ID: <003301c5cae8$118ace20$0200080a@SPRITE> (raw)
In-Reply-To: <4344DCBD.9010804@gmail.com>

The intent wasn't to be 100% secure. It was to really slow down the script
kiddies that where clogging my server logs.

As for IP spoofing. Spoofing an IP packet source address is really easy,
which is why blocking DDoS attacks can be difficult. However, if you want to
have an actual two-way conversation with a computer you have to find a third
host that supports loose source routing (any older windoze box will do).
Most infrastructure routers on the net drop/block packets with source route
options so spoofing the source IP of a TCP conversation is not generally
practical over the internet.

-Tad

> -----Original Message-----
> From: Matan Peled [mailto:chaosite@gmail.com]
> Sent: Thursday, October 06, 2005 1:14 AM
> To: gentoo-security@lists.gentoo.org
> Subject: Re: [gentoo-security] [OT?] automatically firewalling off IPs
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Tad Glines wrote:
> > These rules only block out the offending IP. All others remain un-
> blocked.
> 
> IP spoofing. It isn't that far fetched, really...
> 
> 
> - --
> [Name      ]   ::  [Matan I. Peled    ]
> [Location  ]   ::  [Israel            ]
> [Public Key]   ::  [0xD6F42CA5        ]
> [Keyserver ]   ::  [keyserver.kjsl.com]
> encrypted/signed  plain text  preferred
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.1 (GNU/Linux)
> 
> iD8DBQFDRNy9A7Qvptb0LKURAhauAJ9eAx9RhXOGfWz2h6BX122ULW1JGgCfTEyT
> v+4I9OQxcEWAuuqYenD+ejk=
> =PQtc
> -----END PGP SIGNATURE-----
> --
> gentoo-security@gentoo.org mailing list

-- 
gentoo-security@gentoo.org mailing list

next prev parent reply	other threads:[~2005-10-07  2:42 UTC|newest]

Thread overview: 47+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2005-10-02 21:10 [gentoo-security] [OT?] automatically firewalling off IPs Jeremy Brake
2005-10-02 21:19 ` MaxieZ
2005-10-02 22:29   ` J Holder
2005-10-03  2:52     ` Brian Micek
2005-10-03 13:01   ` David vasil
2005-10-03 13:18     ` rpfc
2005-10-03 17:06       ` Kirk Hoganson
2005-10-04 16:25         ` boger
2005-10-04 17:16           ` Kirk Hoganson
2005-10-04 18:42             ` boger
2005-10-04 20:30               ` Kirk Hoganson
2005-10-04 20:42                 ` boger
2005-10-04 19:45             ` [gentoo-security] Port knocking Tobias Sager
2005-10-04 20:20               ` boger
2005-10-02 21:24 ` [gentoo-security] [OT?] automatically firewalling off IPs Tad Glines
2005-10-02 22:53   ` Alex Efros
2005-10-02 23:02     ` Marc Risse
2005-10-06  1:40     ` Tad Glines
2005-10-06  8:13       ` Matan Peled
2005-10-06  9:15         ` William Kenworthy
2005-10-06 10:19           ` Matan Peled
2005-10-06 12:44             ` William Kenworthy
2005-10-06 21:02             ` Kirk Hoganson
2005-10-06 21:05               ` Brian Micek
2005-10-07  2:37         ` Tad Glines [this message]
2005-10-07 18:47           ` Eric Paynter
2005-10-08 13:40             ` RADDS Support Team
2005-10-02 21:33 ` DeadManMoving
2005-10-02 21:37 ` Hemmann, Volker Armin
2005-10-02 21:56   ` Alec Joseph Warner
2005-10-02 22:13   ` xyon
2005-10-02 21:53 ` Hassan El-Masri
2005-10-02 21:57 ` Andreas Waschbuesch
2005-10-02 22:20 ` darren kirby
2005-10-03  7:53 ` Christophe Garault
2005-10-03  8:29   ` Jerry Eastmanhouser
2005-10-03 10:58 ` Dave Strydom [i*]Group
2005-10-03 12:25 ` Oscar Carlsson
2005-10-03 13:29 ` Dan Shookowsky
2005-10-03 23:26 ` Jeremy Brake
2005-10-04  6:15   ` Joerg Mertin
2005-10-04  8:55     ` Dave Strydom
2005-10-04 14:45       ` Kyle Lutze
2005-10-04 14:49         ` Dave Strydom
2005-10-04 17:42           ` Kyle Lutze
2005-10-04 17:52           ` Neil Cherry
2005-10-05 16:46       ` Robert Larson

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='003301c5cae8$118ace20$0200080a@SPRITE' \
    --to=tad@glines.com \
    --cc=gentoo-security@lists.gentoo.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox