From: "Tad Glines"
Subject: RE: [gentoo-security] [OT?] automatically firewalling off IPs
Date: Thu, 6 Oct 2005 19:37:31 -0700
Message-ID: <003301c5cae8$118ace20$0200080a@SPRITE>
In-Reply-To: <4344DCBD.9010804@gmail.com>

The intent wasn't to be 100% secure. It was to really slow down the script kiddies that were clogging my server logs.

As for IP spoofing. Spoofing an IP packet source address is really easy, which is why blocking DDoS attacks can be difficult.
However, if you want to have an actual two-way conversation with a computer you have to find a third host that supports loose source routing (any older windoze box will do). Most infrastructure routers on the net drop/block packets with source route options so spoofing the source IP of a TCP conversation is not generally practical over the internet.

-Tad

> -----Original Message-----
> From: Matan Peled [mailto:chaosite@gmail.com]
> Sent: Thursday, October 06, 2005 1:14 AM
> To: gentoo-security@lists.gentoo.org
> Subject: Re: [gentoo-security] [OT?] automatically firewalling off IPs
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Tad Glines wrote:
> > These rules only block out the offending IP. All others remain un-blocked.
>
> IP spoofing. It isn't that far fetched, really...
>
>
> - --
> [Name ] :: [Matan I. Peled ]
> [Location ] :: [Israel ]
> [Public Key] :: [0xD6F42CA5 ]
> [Keyserver ] :: [keyserver.kjsl.com]
> encrypted/signed plain text preferred
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.1 (GNU/Linux)
>
> iD8DBQFDRNy9A7Qvptb0LKURAhauAJ9eAx9RhXOGfWz2h6BX122ULW1JGgCfTEyT
> v+4I9OQxcEWAuuqYenD+ejk=
> =PQtc
> -----END PGP SIGNATURE-----
> --
> gentoo-security@gentoo.org mailing list
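
The filtering mentioned in the message above, dropping packets that carry source route options, comes down to a walk over the IPv4 header options. The following is an added example, not part of the original message or thread: a Python check for the loose (LSRR, type 0x83) and strict (SSRR, type 0x89) source route options defined in RFC 791. The function names and sample headers are constructed for illustration and use documentation address ranges.

```python
import struct

# IPv4 option type bytes from RFC 791.
EOL, NOP, LSRR, SSRR = 0x00, 0x01, 0x83, 0x89

def source_route_option(packet: bytes):
    """Return "LSRR"/"SSRR" if the IPv4 header carries a source-route option,
    None if it does not. Raises ValueError on a malformed header."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    header_len = (packet[0] & 0x0F) * 4          # IHL counts 32-bit words
    if header_len < 20 or len(packet) < header_len:
        raise ValueError("bad or truncated header length")
    opts, i = packet[20:header_len], 0
    while i < len(opts):
        kind = opts[i]
        if kind == EOL:                          # end of option list
            break
        if kind == NOP:                          # single-byte padding
            i += 1
            continue
        # Every other option is type, length, data.
        if i + 1 >= len(opts):
            raise ValueError("option without length byte")
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            raise ValueError("option length out of range")
        if kind in (LSRR, SSRR):
            return "LSRR" if kind == LSRR else "SSRR"
        i += length
    return None

def build_header(options: bytes = b"") -> bytes:
    """Constructed sample header (documentation addresses, checksum left 0)."""
    options += b"\x00" * (-len(options) % 4)     # pad to a 32-bit boundary
    ihl = 5 + len(options) // 4
    return struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4, 0, 0,
                       64, 6, 0, bytes([192, 0, 2, 1]),
                       bytes([203, 0, 113, 9])) + options

# Constructed option body: length 7, pointer 4, one hop via 198.51.100.7.
HOP = bytes([7, 4, 198, 51, 100, 7])
SAMPLES = {
    "plain": build_header(),
    "router-alert": build_header(b"\x94\x04\x00\x00"),
    "lsrr": build_header(b"\x01" + bytes([LSRR]) + HOP),
    "ssrr": build_header(bytes([SSRR]) + HOP),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, "->", source_route_option(pkt) or "no source route")
```

On a Linux host the equivalent policy is the `net.ipv4.conf.all.accept_source_route` sysctl set to 0.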