On Thu, Aug 29, 2002 at 05:47:10AM -0500, Daniel J. Rychlik wrote:
> If you use Iptables and you block spoofed addresses with Iptables,
> will that stop the spoofing in their tracks, therefore decreasing the
> chance of a DOS?  

No.  For example, let's say someone manages to spoof "mailout.aol.com" [1]
and then connects to you.  You will now block all mail from AOL (hmm,
perhaps that's a bad example :)

In other words, unless the source address is a reserved address or one
of your local addresses, you really don't know if it's spoofed or not
(barring some sort of cryptographic challenge, like IPSEC).

This is why all ISPs should apply filters at their ingress/egress
points.  Unfortunately, many do not.

Nathan Norman - Micromuse Ltd. mailto:nnorman@micromuse.com
  Whenever men attempt to suppress argument and free speech, we may
  be sure that they know their cause to be a bad one.
          -- R. G. Horton

[1] I made up that host name; you get the idea.
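As an added illustration (not part of the thread) of the filtering the reply describes: a Python model of an ingress/egress anti-spoofing policy that drops only what can be known to be spoofed (reserved ranges, or your own addresses arriving from outside) and accepts everything else because, as the reply says, nothing else can be told apart, plus a rendering of the same policy as iptables rules. The interface names and address ranges are constructed for the example.

```python
"""Model of an ingress/egress anti-spoofing filter. All interfaces,
address ranges and sample packets below are constructed examples."""
from ipaddress import ip_address, ip_network

# Reserved source ranges that never legitimately arrive from the Internet
# (unspecified, private, loopback, link-local, multicast).
BOGON_NETS = [ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4",
)]


def build_filter(local_nets, external_ifaces):
    """Return verdict(iface, src) -> "DROP" | "ACCEPT".

    Ingress (packet seen on an external interface): drop reserved sources
    and packets claiming one of our own addresses. Egress (packet seen on
    an internal interface): let only our own addresses out, so this site
    cannot be the origin of spoofed traffic aimed at someone else."""
    locals_ = [ip_network(n) for n in local_nets]
    ext = set(external_ifaces)

    def verdict(iface, src):
        addr = ip_address(src)
        is_local = any(addr in n for n in locals_)
        if iface in ext:
            if any(addr in n for n in BOGON_NETS):
                return "DROP"      # reserved range: cannot be a real peer
            if is_local:
                return "DROP"      # claims to be us, but came from outside
            return "ACCEPT"        # may still be spoofed; no way to tell
        return "ACCEPT" if is_local else "DROP"

    return verdict


def to_iptables(local_nets, external_ifaces):
    """Render the ingress half of the policy as iptables INPUT rules."""
    nets = BOGON_NETS + [ip_network(n) for n in local_nets]
    return [f"iptables -A INPUT -i {ifc} -s {n} -j DROP"
            for ifc in external_ifaces for n in nets]


if __name__ == "__main__":
    check = build_filter(["203.0.113.0/24"], ["eth0"])   # constructed site
    for pkt in (("eth0", "192.168.1.5"), ("eth0", "203.0.113.7"),
                ("eth0", "198.51.100.9"), ("eth1", "198.51.100.9")):
        print(pkt, "->", check(*pkt))
    print("\n".join(to_iptables(["203.0.113.0/24"], ["eth0"])))
```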

