[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Why does Debian allow all incoming traffic by default

Le 22/09/2018 à 11:51, Reco a écrit :

On Sat, Sep 22, 2018 at 09:46:35AM +0200, Pascal Hambourg wrote:
Le 21/09/2018 à 20:32, Reco a écrit :

Evil person makes a TCP connection to unprotected host, but forges
source IP. Host sends TCP RST to this forged IP, host acting as a
'reflector' to an attack. And being a bad netizen at the same time.

Evil person takes as many of such hosts as possible - and there goes
your old-fashioned RST DDOS.

What is the attacker's benefit over just sending packets directly to the
target with forged source addresses ?

The benefit is that one cannot pinpoint the real attacker, of course.

Isn't the same benefit provided by just forging the source address ?

Reply to: