Re: Why does Debian allow all incoming traffic by default
Hi.
On Sat, Sep 22, 2018 at 09:46:35AM +0200, Pascal Hambourg wrote:
> Le 21/09/2018 à 20:32, Reco a écrit :
> >
> > Evil person makes a TCP connection to unprotected host, but forges
> > source IP. Host sends TCP RST to this forged IP, host acting as a
> > 'reflector' to an attack. And being a bad netizen at the same time.
> >
> > Evil person takes as many of such hosts as possible - and there goes
> > your old-fashioned RST DDOS.
>
> What is the attacker's benefit over just sending packets directly to the
> target with forged source addresses ?
The benefit is that one cannot pinpoint the real attacker, of course.
> Reflection attacks give a benefit for the attacker when the reflection
> provides some kind of amplification.
That's I agree with. Classic TCP RST flood does not offer any
amplification, that's why this kind of attack has more historic than
practical nature.
Reco
Reply to: