-----Original Message-----
From: John D. Hardin [mailto:[EMAIL PROTECTED]]
Sent: Monday, October 16, 2000 11:56 PM
Subject: Re: "Masking" ports from IP ranges (was RE: Thanks & port 80 filtering by IP)
On Mon, 16 Oct 2000, Ward William E PHDN wrote:
>> IOW, could you arrange that the only way the ISP would be able to
>> detect the service was to either use a packet sniffer, or to go
>> outside the native IPs of the ISP and sniff from outside the ISP?
> Yes, but:
> what if the ISP does the equivalent of...
> ipchains -A input -d $DSL/24 80 -j DENY
> at their border routers?
Hmmmm... I somehow don't think the ISP would do that. After all,
wouldn't that also block any of the ISP's own sites internally from
being externally visible? You wouldn't be able to visit the webpage
of the company itself, unless they put in extra rules allowing access
to those sites.... not a tough thing to do, but would they bother?
It wouldn't affect machines that are internal to the ISP, so
it wouldn't be 100% effective, at least not without an internal
port scan.
But that's a third way the ISPs would get around that....
1) external IPs to do port scanning of the internal IP addresses...
my understanding is some ISPs do this already, to locate machines
which might be vulnerable to DDoS slave exploits.
2) Packet sniffing.
3) ipchains on the external routers plus an internal port scan.
Any others? Or do folks feel that the ISPs with restrictions that
way would go to this much trouble?
BTW, this really IS hypothetical.... I've got a 56K dialup ISP at
home, DSL and Cable aren't offered in my area yet.
Bill Ward
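A small model of the two points made above (the destination-only DENY rule at the border from John's message, and Bill's observation that such a rule cannot see internal-to-internal traffic, so only an internal scan would cover that case), written as an added example that is not part of the thread. The address ranges, the packet samples and the `border_allows` / `reachable_web_hosts` function names are constructed for illustration; the real ipchains `input` chain on a router is only consulted for packets that actually cross that router, which is the behaviour the model reproduces.

```python
"""Model of a border-router filter equivalent to
   ipchains -A input -d $DSL/24 80 -j DENY
Added example, not from the mailing-list thread.  Every address below
is a constructed placeholder (RFC 1918 / documentation ranges)."""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network

DSL_NET = ip_network("10.20.30.0/24")      # stands in for the thread's $DSL/24 (assumed)
ISP_NETS = [ip_network("10.20.0.0/16")]    # everything the ISP routes (assumed); contains DSL_NET


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int


@dataclass(frozen=True)
class DenyRule:
    """One ipchains DENY entry that matches on destination network and port only."""
    dst_net: IPv4Network
    dport: int

    def matches(self, pkt: Packet) -> bool:
        return ip_address(pkt.dst) in self.dst_net and pkt.dport == self.dport


BORDER_RULES = [DenyRule(DSL_NET, 80)]   # the single rule quoted in the thread


def is_internal(addr: str) -> bool:
    """True if the address lies inside the ISP's own routed space."""
    return any(ip_address(addr) in net for net in ISP_NETS)


def border_allows(pkt: Packet) -> bool:
    """Decide whether a packet gets through.

    The border router only evaluates traffic that crosses the ISP edge;
    a packet whose source and destination are both internal never reaches
    it, so the DENY rule cannot apply to it (Bill's point about needing an
    internal port scan to cover those hosts)."""
    if is_internal(pkt.src) and is_internal(pkt.dst):
        return True
    return not any(rule.matches(pkt) for rule in BORDER_RULES)


def reachable_web_hosts(packets: list[Packet]) -> set[tuple[str, str]]:
    """Return the (src, dst) pairs whose port-80 probes are not filtered,
    i.e. what a scanner at each source would be able to discover."""
    return {(p.src, p.dst) for p in packets if p.dport == 80 and border_allows(p)}


if __name__ == "__main__":
    # Constructed probes: one from outside the ISP, one from an internal host.
    probes = [
        Packet("198.51.100.7", "10.20.30.5", 80),   # external scanner -> DSL customer
        Packet("10.20.40.9", "10.20.30.5", 80),     # ISP-internal host -> DSL customer
    ]
    for p in probes:
        print(f"{p.src} -> {p.dst}:{p.dport}  allowed={border_allows(p)}")
    print("port-80 hosts visible to each scanner:", reachable_web_hosts(probes))
```

Running the block shows the external probe being dropped while the internal one succeeds, which is why a border rule alone does not answer the "can the ISP detect the service" question without the second, internal step.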
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list