[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Mail relay attempts

On Thu, Aug 29, 2002 at 05:47:10AM -0500, Daniel J. Rychlik wrote:
> If you use Iptables and you block spoofed addresses with Iptables,
> will that stop the spoofing in their tracks, therefore decreasing the
> chance of a DOS?  

Not necessarily. You can stop blind spoofing attacks where
ip's belonging to one NIC are not allowed to appear from 
another, something which is also stopped by a debian if 
the option is set in /etc/network/options.

A problem with this is that FreeSWAN forces you to disable
the anti-spoof protection on the NIC used by the tunnel
and they don't seem to think it worthwhile to fix the 
problem.

Another class of spoofing iptables can stop is if you
are blocking any incoming connections that are not 
associated with an existing outgoing connection.

However if you have any external access whatever, spoofing
attacks are possible, not only for DOS but for more
interesting blind attacks, particularly if someone manages
to predict a sequence number and capture a connection.
(Linux is fairly immune to prediction fortuneately.).

-- 
------------------------------------------------------
    Nuke bin Laden:           Dale Amon, CEO/MD
  improve the global          Islandone Society
     gene pool.               www.islandone.org
------------------------------------------------------
Reply to: