[plug] OT: Smoothwall
Brad Campbell
brad at seme.com.au
Mon Aug 13 12:48:37 WST 2001
Matt Kemner wrote:
>
> On Mon, 13 Aug 2001, Brad Campbell wrote:
>
> > If I have a box, with ppp0 and eth0 on it. The default route is through ppp0
> > and 192.168.1.* is routed through eth0.
> >
> > A spoofed packet comes in from 192.168.1.1 sourced through ppp0.
> > Should the reply to that packet be routed through eth0, therefore
> > the sender of the spoofed packet will get no reply.
> > If so, then the packet spoofing could not be used to establish a connection,
> > just provide transport for an attack that requires no reverse traffic.
>
> You are correct - hence why TCP/IP uses the "3 way handshake" to initiate
> a connection - to prevent spoofing. However UDP and ICMP are vulnerable
> to spoofing. This is why it is always a good idea to add a rule such as:
Cheers for that Matt.
If anyone is interested
http://www.robertgraham.com/mirror/Shimomura-spoofing.html
gives a good, laymans terms description of how a spoofed attack was carried
out and what it enabled the attacker to do..
--
Brad....
/"\
Save the Forests \ / ASCII RIBBON CAMPAIGN
Burn a Greenie. X AGAINST HTML MAIL
/ \
More information about the plug
mailing list