<[EMAIL PROTECTED]> writes:
> My only question is what if I traceroute to you, find out the IP number of 
> your upstream router?  Then I make a bunch of connection attempts to your IP 
> but forge the packets to make them look like they came from your upstream.  
> Don't *you* end up blacklisting your default route and you become 'so long 
> suckah'd?

This isn't a problem for 2 reasons.

1) The upstream router isn't likely to be the destination of any
   packet in a consumer-ISP situation.  Only if you are running some
   routing protocol that uses that upstream router as an endpoint
   (e.g. RIP, OSPF, etc.) will a block against that router's IP matter
   to you.

   I've heard of cases where folks intentionally add an IP-level block
   against their ISP's whole infrastructure.  (Some ISPs don't allow
   any "servers".  If they find an sshd hanging on port 22, are they
   going to hassle you?  Just block 'em.)

2) Forging the source IP in a TCP packet and succeeding in negotiating
   the 3-way handshake isn't all that simple any more.  I wouldn't
   worry about it.  If someone could forge that reliably, there is
   much better game to go after (like breaking into machines that
   still use IP addresses for authorization.)  Someone spoofing an IP
   so that you mistakenly block an innocent party is pretty much
   wasting a good trick.

-wolfgang
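The two points above translate into two safeguards for any auto-blocker: only count events that can't be produced by a spoofed SYN (an sshd "Failed password" line requires a completed TCP handshake and key exchange), and never let the block list touch the gateway or the ISP's infrastructure. The following is an added example, not code from this thread or from any particular tool; the log lines are constructed, and the gateway address and ISP range (192.0.2.1, 192.0.2.0/24) are placeholders.

```python
"""Auto-block decision logic with a gateway/ISP exemption (added example)."""
import ipaddress
import re
from collections import Counter

# Constructed sample lines in the style of sshd auth logging (not real logs).
# sshd only writes "Failed password" after a completed TCP handshake and an
# SSH key exchange, so a forged-source SYN can never produce one of these.
SAMPLE_LOG = """\
Failed password for invalid user admin from 203.0.113.45 port 51122 ssh2
Failed password for invalid user admin from 203.0.113.45 port 51130 ssh2
Failed password for invalid user admin from 203.0.113.45 port 51141 ssh2
Failed password for root from 192.0.2.1 port 40001 ssh2
Failed password for root from 192.0.2.1 port 40002 ssh2
Failed password for root from 192.0.2.1 port 40003 ssh2
Accepted publickey for wolfgang from 198.51.100.7 port 2222 ssh2
"""

# Hypothetical addresses that must never be blocked: the default gateway /
# upstream router and the ISP's infrastructure range (placeholder values).
EXEMPT_NETWORKS = [
    ipaddress.ip_network("192.0.2.1/32"),
    ipaddress.ip_network("192.0.2.0/24"),
]

FAILED_RE = re.compile(r"^Failed password for .* from (\S+) port \d+")


def parse_failures(log_text):
    """Count authentication failures per source address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            counts[m.group(1)] += 1
    return counts


def is_exempt(addr, exempt_networks=EXEMPT_NETWORKS):
    """True if addr falls in a network we refuse to block (gateway, ISP, ...)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return True  # unparsable address: never hand it to the firewall
    return any(ip in net for net in exempt_networks)


def decide_blocks(counts, threshold=3, exempt_networks=EXEMPT_NETWORKS):
    """Return (addresses to block, addresses skipped with the reason)."""
    to_block, skipped = set(), {}
    for addr, n in counts.items():
        if n < threshold:
            skipped[addr] = "below threshold"
        elif is_exempt(addr, exempt_networks):
            skipped[addr] = "exempt"
        else:
            to_block.add(addr)
    return to_block, skipped


if __name__ == "__main__":
    blocks, skipped = decide_blocks(parse_failures(SAMPLE_LOG))
    print("block:", sorted(blocks))   # ['203.0.113.45']
    print("skip:", skipped)           # {'192.0.2.1': 'exempt'}
```

Here the three failures attributed to 192.0.2.1 are exactly the scenario from the quoted question; the exemption list keeps the default route reachable no matter how many such lines appear, while the real offender at 203.0.113.45 is still blocked.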
