Any self-respecting network administrator, (who knows what he/she is doing), would have planned for that And setup some kind of overideing ruleset, that will allways allow communiction to/from it's own resources. A.K.A, the "BLACKHOLE / IP BANNING" would be overiden for IP's & resources, like that of it's DNS Servers. But, that could, too, be exploited. If Z spoofs packets using the ip of the DNS Server (the one that is not banned because of the overide or 'never ban these ips, etc') Would be allowed to send those packets, SYN Packet, etc, as was stated, ad infinitum.
As, they say, no computer or server is ever, *TRULY*, secure - even with a software or hardware firwall, or 'voodoo-like' security measures. Digitalchaos (just my 2 cents) -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Thierry Zoller Sent: Friday, January 20, 2006 5:58 PM To: full-disclosure@lists.grok.org.uk Subject: Re[2]: [Full-disclosure] Personal firewalls. Dear Eliah Kagan, EK> Then Z comes along and sends a EK> bunch of SYN packets to X, spoofed to have the source IP of Y, waits EK> 10 minutes, and repeats ad infinitum. Z sends spoofed packets coming from the DNS server of X even more interesting.. -- http://secdev.zoller.lu Thierry Zoller Fingerprint : 5D84 BFDC CD36 A951 2C45 2E57 28B3 75DD 0AC6 F1C7 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.375 / Virus Database: 267.14.21/236 - Release Date: 1/20/2006 -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.375 / Virus Database: 267.14.21/236 - Release Date: 1/20/2006 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/