On Thu, Aug 29, 2002 at 05:47:10AM -0500, Daniel J. Rychlik wrote:
> If you use iptables and you block spoofed addresses with iptables,
> will that stop the spoofing in their tracks, therefore decreasing the
> chance of a DoS?
Not necessarily. You can stop blind spoofing attacks where IPs belonging to one NIC are not allowed to appear from another, something which is also stopped by Debian if the option is set in /etc/network/options. A problem with this is that FreeSWAN forces you to disable the anti-spoof protection on the NIC used by the tunnel, and they don't seem to think it worthwhile to fix the problem.

Another class of spoofing iptables can stop is if you are blocking any incoming connections that are not associated with an existing outgoing connection.

However, if you have any external access whatever, spoofing attacks are possible, not only for DoS but for more interesting blind attacks, particularly if someone manages to predict a sequence number and capture a connection. (Linux is fairly immune to prediction, fortunately.)

-- 
------------------------------------------------------
Nuke bin Laden:               Dale Amon, CEO/MD
improve the global            Islandone Society
gene pool.                    www.islandone.org
------------------------------------------------------