Re: Why does Debian allow all incoming traffic by default

To: debian-user@lists.debian.org
Subject: Re: Why does Debian allow all incoming traffic by default
From: Stefan Monnier <monnier@iro.umontreal.ca>
Date: Sat, 22 Sep 2018 16:16:10 -0400
Message-id: <[🔎] jwv7ejd8f33.fsf-monnier+gmane.linux.debian.user@gnu.org>
References: <[🔎] da96e6a3-ac34-8d4f-7784-4776e95aee5f@gmail.com> <[🔎] 20180921125521.q2yujmwctvrotnn3@smallapple.itcfollmann.com> <[🔎] 20180921162522.ngupesjxadywsnin@p5k.home> <[🔎] 21092018190703.dfa319572b7e@desktop.copernicus.org.uk> <[🔎] 20180921183245.tu6uwcewbdxh4gvb@p5k.home> <[🔎] 56a07fc2-672d-bf3a-6d17-707f969638cb@plouf.fr.eu.org> <[🔎] 20180922095158.6ex6snk4okmsycg4@p5k.home> <[🔎] ab8e3a0c-c622-4f84-e8bc-2b1f10b19dfb@plouf.fr.eu.org> <[🔎] 20180922195814.GA22096@tuxteam.de>

> [...]
>> >The benefit is that one cannot pinpoint the real attacker, of course.
>> Isn't the same benefit provided by just forging the source address ?
> If all the routers in the path play along... but then, they are all
> broken.

There's also the fact that all those RST packets can come from all over
the place and they come from where they say they come.
So they're a lot more difficult to block, compared to packets with
a forged source address all coming from the same IP.


        Stefan

Reply to:

Follow-Ups:
- Re: Why does Debian allow all incoming traffic by default
  - From: Pascal Hambourg <pascal@plouf.fr.eu.org>

References:
- Why does Debian allow all incoming traffic by default
  - From: Subhadip Ghosh <subhadip.sky@gmail.com>
- Re: Why does Debian allow all incoming traffic by default
  - From: Henning Follmann <hfollmann@itcfollmann.com>
- Re: Why does Debian allow all incoming traffic by default
  - From: Reco <recoverym4n@gmail.com>
- Re: Why does Debian allow all incoming traffic by default
  - From: Brian <ad44@cityscape.co.uk>
- Re: Why does Debian allow all incoming traffic by default
  - From: Reco <recoverym4n@gmail.com>
- Re: Why does Debian allow all incoming traffic by default
  - From: Pascal Hambourg <pascal@plouf.fr.eu.org>
- Re: Why does Debian allow all incoming traffic by default
  - From: Reco <recoverym4n@gmail.com>
- Re: Why does Debian allow all incoming traffic by default
  - From: Pascal Hambourg <pascal@plouf.fr.eu.org>
- Re: Why does Debian allow all incoming traffic by default
  - From: <tomas@tuxteam.de>

Prev by Date: Re: Why does Debian allow all incoming traffic by default
Next by Date: Re: Why does Debian allow all incoming traffic by default
Previous by thread: Re: Why does Debian allow all incoming traffic by default
Next by thread: Re: Why does Debian allow all incoming traffic by default
Index(es):
- Date
- Thread