On 30 Jun 2002, Paul Iadonisi wrote:
>   Harumph.  I kinda knew that, but in a way, I was hoping there was a
> way, from the attacker's perspective, of making it really look like it was
> coming from himself.  Because, really, it is.

Eh, if you're really going to use this in a retaliatory fashion, there are 
better weapons.  Derek's right in that it shouldn't be used as such, 
regardless of the legality.

> clean of these scourges.  Having rogue packets bounced back to you is
> one more method of waking these people up.

Just because someone doesn't know about a problem doesn't mean we have to 
impact everyone else that's on the same router/switch as that guy.  We 
should be taking the higher ground here.  We know what's right and what's 
wrong.  To take your analogy to a more accurate, real world depiction:


        Imagine someone throwing a brick through your window.  The brick 
has a note tied to it that says 'From Your neighbor at #126 Fifth St.'.  
Do you go and call the police on your neighbor?  Do you pick it up and 
throw it back through his window?

Without the analogy:


        Joe Dohn decides he wants to be a hacker after getting his new 
SANS certification and the 'Red Button Disk'.

        He sets it up to send a random DoS with a spoofed source out to 
some network somewhere.  

        You get the packet, aren't affected (of course) and send it back 
with your MIRROR rule.  

        You end up DoSing the SPOOFED source's network - some random 
person who had nothing to do with it other than random selection of an IP 
address.


Spoofing a source is incredibly trivial... so trivial that it should be 
relied upon that an attacker's (specifically a DoS's) Source IP is 
spoofed.

Ben


-- 

A Jade stone is useless before it is processed; a man is good-for-nothing
until he is educated. 

