2008/9/30 Oliver Fromme <[EMAIL PROTECTED]>: > > Bill Moran wrote: > > In response to Oliver Fromme <[EMAIL PROTECTED]>: > > > Pierre Riteau wrote: > > > > > > > Because the 3-way handshake ensures that the source address is > not being > > > > spoofed, more aggressive action can be taken based on these > limits. > > > > > > s/not being spoofed/more difficult to spoofe/ ;-) > > > > On a modern OS (like FreeBSD) where ISNs are random, the possibility of > > blindly spoofing an IP during a 3-way handshake is so low as to be > > effectively impossible. > > It depends a lot on the environment, for example whether > the attacker has access (or can somehow get access) to > the server's uplink and trace packets. This can happen > if the server is located with many other servers on the > same network, which is often the case for co-location > or so-called root servers.
Yes, but in that situation you probably have the capacity to inject enough traffic into the pipe to cause a total blackout... > Of course, if the network is regarded "secure", then > you are right. Spoofing a TCP handshake would be very > difficult in that case. (I try to avoid the word > "impossible". Nothing is impossible, especially in > the security business.) Security is always about the balance between the effort+risk to you vs the effort+benefit to the attacker... -- Igor _______________________________________________ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
