Re: [cobalt-users] DoS attack???
- Subject: Re: [cobalt-users] DoS attack???
- From: "E.B. Dreger" <eddy+public+spam@xxxxxxxxxxxxxxxxx>
- Date: Sun Jan 12 00:25:01 2003
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
BT> Date: Sat, 11 Jan 2003 21:24:49 -0800
BT> From: Bruce Timberlake
BT> /sbin/ipchains -A input -i eth0 -s 216.127.85.97 -l -j DENY
I wouldn't. Considering the SYN handshake is not completed, one
has NO WAY of knowing if the source IP is spoofed. Enough places
are sloppy with reverse DNS that I'd not use that as an indicator
of host validity, either.
Besides, even if the IP _is_ legitimate, there's nothing to say
you won't end up playing whack-a-mole. Serious crackers have
access to hundreds or thousands of "h4x0r3d" machines; you will
not block them all. If someone _really_ wants to scan you, they
will use a distributed scan.
If the SYN packets are causing problems, consider SYN cookies,
using a different OS, or running TCP intercept on your router.
If it isn't causing trouble, and isn't likely to, don't mess with
it... leave well enough alone. Don't shoot yourself in the foot.
Eddy
--
Brotsman & Dreger, Inc. - EverQuick Internet Division
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 (785) 865-5885 Lawrence and [inter]national
Phone: +1 (316) 794-8922 Wichita
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Date: Mon, 21 May 2001 11:23:58 +0000 (GMT)
From: A Trap <blacklist@xxxxxxxxx>
To: blacklist@xxxxxxxxx
Subject: Please ignore this portion of my mail signature.
These last few lines are a trap for address-harvesting spambots.
Do NOT send mail to <blacklist@xxxxxxxxx>, or you are likely to
be blocked.
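
Added example, not part of the original post: a simplified SYN cookie in Python. It shows why a half-open connection proves nothing about its source address, and how the SYN cookies suggested above let a server keep no state until the handshake completes. The HMAC construction, secret, 64-second slot and addresses are assumptions chosen for illustration; this is not the Linux kernel's algorithm.

```python
import hashlib
import hmac
import socket
import struct

SECRET = b"constructed-demo-key"  # assumption: a real stack uses a random per-boot secret
SLOT_SECONDS = 64                 # assumption: cookie lifetime granularity


def _cookie(src, sport, dst, dport, client_isn, slot):
    """8-bit time slot + 24-bit keyed MAC over the 4-tuple and the client's ISN."""
    msg = socket.inet_aton(src) + socket.inet_aton(dst)
    msg += struct.pack("!HHII", sport, dport, client_isn, slot & 0xFFFFFFFF)
    mac = hmac.new(SECRET, msg, hashlib.sha256).digest()[:3]
    return ((slot & 0xFF) << 24) | int.from_bytes(mac, "big")


def syn_ack_isn(src, sport, dst, dport, client_isn, now):
    """Sequence number for the SYN-ACK. The server stores nothing for this SYN."""
    return _cookie(src, sport, dst, dport, client_isn, int(now) // SLOT_SECONDS)


def ack_is_valid(src, sport, dst, dport, client_isn, ack_num, now):
    """Accept the final ACK only if ack_num - 1 is a cookie issued to this
    exact 4-tuple in the current or previous time slot."""
    echoed = struct.pack("!I", (ack_num - 1) & 0xFFFFFFFF)
    current = int(now) // SLOT_SECONDS
    for slot in (current, current - 1):
        expected = struct.pack("!I", _cookie(src, sport, dst, dport, client_isn, slot))
        if hmac.compare_digest(echoed, expected):
            return True
    return False


def demo():
    server = ("198.51.100.10", 80)  # constructed documentation addresses
    real, forged = ("192.0.2.7", 40000), ("192.0.2.99", 40000)
    isn, t0 = 0x1000, 1000          # constructed client ISN and clock value
    cookie = syn_ack_isn(*real, *server, isn, t0)
    return {
        # The real client saw the SYN-ACK and echoes cookie + 1.
        "real_client": ack_is_valid(*real, *server, isn, (cookie + 1) & 0xFFFFFFFF, t0 + 1),
        # A spoofer never sees the SYN-ACK sent to the forged address; it can only guess.
        "spoofed_guess": ack_is_valid(*forged, *server, isn, 0x12345678, t0 + 1),
        # A cookie issued to one address does not validate from another.
        "wrong_source": ack_is_valid(*forged, *server, isn, (cookie + 1) & 0xFFFFFFFF, t0 + 1),
        # Cookies expire once their time slot has passed.
        "expired": ack_is_valid(*real, *server, isn, (cookie + 1) & 0xFFFFFFFF, t0 + 3 * SLOT_SECONDS),
    }
```

Only the `real_client` case passes: the source address is confirmed by the returning ACK, not by the SYN, which is why a DENY rule keyed on the SYN's source can land on an uninvolved host.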