Re: [cobalt-users] Hacking attempts on certain port what is this used for?
- Subject: Re: [cobalt-users] Hacking attempts on certain port what is this used for?
- From: flash22@xxxxxxx
- Date: Thu Feb 22 00:33:50 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
On Thu, 22 Feb 2001 inc@xxxxxxxxxxxxx wrote:
>
>
> > Now if I could just figure out how to *not* clear out the
> > hosts.deny file when I reboot, I'd be all set. ;)
>
> what are the implications of "faked source addresses" in
> packet headers?
If you get packets with fake source address fields in them then you
can't easily deny access by IP since you don't know where they come from.

The obvious reason for a packet to have a forged 'from' address is to hide
the identity of the sender...less obvious reasons are misconfigured NAT
firewalls that get packets with internal IP addresses and forget to change
them to external IP addresses, generally due to the firewall being
configured by the clueless -/

ISPs with properly configured routers shouldn't be letting these packets
out in the first place, but some do....

Note that it is *much* easier to see 'forged' packets if you are on a LAN
with a machine creating them, as they aren't routed, so they can contain
almost any kind of weird things and still get to your machine....

Hint: UDP is much much more susceptible to this, as there is no
requirement that a response get back to the true origin machine (to finish
opening the connection for example)

...somehow i doubt this will help you much -/
gsh
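
The points made in the reply above, as an added example that is not part of the original post: a small classifier that decides how far the source address of a packet seen on an Internet-facing interface can be trusted before it is used in a per-IP deny rule. The packet record layout (`src`, `proto`, `established`), the function names and all addresses are constructed for illustration.

```python
import ipaddress

# Source ranges that are never valid on an Internet-facing interface.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918 private
    "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8",     # loopback, link-local, "this net"
)]

def classify(pkt, own_addrs):
    """Return (verdict, reason) for one packet seen on the external interface."""
    src = ipaddress.ip_address(pkt["src"])
    if src in own_addrs:
        return "forged", "source is our own address"
    for net in NON_ROUTABLE:
        if src in net:
            return "forged-or-leaked", f"{net} is not routable (spoof or broken NAT)"
    if pkt["proto"] == "tcp" and pkt["established"]:
        return "verified", "handshake completed, so replies reached this source"
    return "unverified", "no round trip yet; source could be anything"

def safe_to_deny_by_ip(pkt, own_addrs):
    """A per-IP deny rule is only meaningful when the source is verified."""
    return classify(pkt, own_addrs)[0] == "verified"

# Constructed sample data (documentation address ranges), not from the thread.
OWN = {ipaddress.ip_address("203.0.113.10")}
PACKETS = [
    {"src": "198.51.100.7", "proto": "tcp", "established": True},
    {"src": "198.51.100.7", "proto": "udp", "established": False},
    {"src": "192.168.1.20", "proto": "tcp", "established": False},
    {"src": "203.0.113.10", "proto": "udp", "established": False},
    {"src": "192.0.2.99",   "proto": "tcp", "established": False},  # bare SYN
]

if __name__ == "__main__":
    for p in PACKETS:
        verdict, reason = classify(p, OWN)
        print(f'{p["src"]:>15} {p["proto"]}  {verdict:<16} {reason}')
```

The same address comes out "verified" over an established TCP connection and "unverified" over UDP, which is the distinction the hint about UDP draws.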