[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: New IIS worm



On Sun, Sep 23, 2001 at 02:08:40PM +1000, Sam Couter wrote:
> Karl E. Jorgensen <karl@jorgensen.com> wrote:
> > Doesn't this leave you open to DOS attacks? I'm thinking that source IP
> > addresses are relatively easy to forge, and hence an attacher can forge
> > a nimda attach and cause you to block off legitimate IP addresses -
> > ie. your DNS server our default gateway...
> 
> To forge a Nimda attack would require you to forge a TCP connection. That's
> not easy, unless the attacker is on the network path to the forged address.

Obvious, but true. I stand(/sit?) corrected.

> -- 
> Sam Couter          |   Internet Engineer   |   http://www.topic.com.au/
> sam@topic.com.au    |   tSA Consulting      |
> OpenPGP key ID:       DE89C75C,  available on key servers
> OpenPGP fingerprint:  A46B 9BB5 3148 7BEA 1F05  5BD5 8530 03AE DE89 C75C


-- 
Karl E. Jørgensen
karl@jorgensen.com
www.karl.jorgensen.com
==== Today's fortune:
We don't know who it was that discovered water, but we're pretty sure
that it wasn't a fish.
	-- Marshall McLuhan

Attachment: pgpcWMBPbffpO.pgp
Description: PGP signature


Reply to: