
Re: Why does Debian allow all incoming traffic by default



	Hi.

On Sat, Sep 22, 2018 at 12:58:02PM +0200, Pascal Hambourg wrote:
> On 22/09/2018 at 11:51, Reco wrote:
> > 
> > On Sat, Sep 22, 2018 at 09:46:35AM +0200, Pascal Hambourg wrote:
> > > On 21/09/2018 at 20:32, Reco wrote:
> > > > 
> > > > Evil person makes a TCP connection to unprotected host, but forges
> > > > source IP. Host sends TCP RST to this forged IP, host acting as a
> > > > 'reflector' to an attack. And being a bad netizen at the same time.
> > > > 
> > > > Evil person takes as many of such hosts as possible - and there goes
> > > > your old-fashioned RST DDOS.
> > > 
> > > What is the attacker's benefit over just sending packets directly to the
> > > target with forged source addresses?
> > 
> > The benefit is that one cannot pinpoint the real attacker, of course.
> 
> Isn't the same benefit provided by just forging the source address?

Unsure. I only have theoretical knowledge of such attacks, never
performed one myself.
Defending against the thing - that's something I'm more versed in.

Reco

