Re: [cobalt-users] locking out IP's
- Subject: Re: [cobalt-users] locking out IP's
- From: "Zeffie" <cobaltlist@xxxxxxxx>
- Date: Sun Dec 3 20:46:19 2000
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
----- Original Message -----
From: "H.P. Stroebel"
> Zeffie wrote:
>
> > /sbin/route add -host <ip-address> reject
> > from the man page
> > reject Modifier installs a blocking route, which will
> > force a route lookup to fail. This is for example
> > used to mask out networks before using the default
> > route. This is NOT for firewalling.
>
> Of course, it is not firewalling. Firewalling is much more
> sophisticated, but more complicated, too.
>
> It's more a quick and dirty, but quite effective hack. The effect is
> that all packets to this host are dropped. The server does not respond
> anymore to the requesting host. It seems to be dead, a blackhole. This
> affects all requests on all ports and on all assigned IP's.
>
> > which means I can write my name in the snow but I can't read it back or even
> > know if I did it right...
>
> I don't understand? You have doubts?
I know it does work but I don't see it as an effective defense against
attackers. It seems to me that it will only stop the responses from the
server getting back to the attacker and not the content they are sending to
the box.
i.e. with a proven hack one could automate the whole thing and never need to
get a response from the server.
I would rather not chat too much about this on list. Feel free to contact me
offlist.
Zeffie
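
The limitation debated in this thread, as a small model added here (not code from either poster): a reject route is consulted only when the host sends, so it stops replies, while an inbound filter stops the packet before any listener sees it. The names `handle_packet` and `input_drop` are hypothetical, the address is a constructed documentation address, and the model assumes reverse-path filtering is disabled on the host.

```python
import ipaddress

BLOCKED = "203.0.113.9"  # constructed sample address (TEST-NET-3)

def handle_packet(src, proto, reject_routes=(), input_drop=()):
    """Model one inbound packet from `src` arriving at the host.

    reject_routes: destinations given a 'reject' route, as in
                   `route add -host <ip-address> reject`.
    input_drop:    sources dropped by an inbound packet filter
                   (hypothetical stand-in for a real firewall rule).
    Returns (reached_service, reply_sent).
    """
    addr = ipaddress.ip_address(src)

    def match(nets):
        return any(addr in ipaddress.ip_network(n) for n in nets)

    # 1. Inbound filtering runs before the packet reaches any listener.
    if match(input_drop):
        return (False, False)

    # 2. The routing table is consulted for packets the host sends, so
    #    the reject route only decides whether a reply can leave.
    can_reply = not match(reject_routes)

    if proto == "udp":
        # A single datagram is handed to the listener on arrival,
        # whether or not an answer can be routed back.
        return (True, can_reply)
    if proto == "tcp":
        # Application data is delivered only after the handshake, and
        # the SYN-ACK is itself a reply that needs a usable route.
        return (can_reply, can_reply)
    raise ValueError("unsupported protocol: %r" % proto)

def compare(src=BLOCKED):
    """Outcome per protocol under each of the two blocking methods."""
    return {
        "reject_route": {p: handle_packet(src, p, reject_routes=[src])
                         for p in ("udp", "tcp")},
        "input_filter": {p: handle_packet(src, p, input_drop=[src])
                         for p in ("udp", "tcp")},
    }

if __name__ == "__main__":
    for method, result in compare().items():
        print(method, result)
```
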