>Len, could you please explain "spoofing"
It's just techie jargon for fraudulent use of a value or situation.
"spoofing a connection" is a gateway telling the LAN apps that the
gateway is connected to another site, when in fact the gateway has
hung up (save connect charges) but is ready to re-connect on demand.
Spoofing mail headers is faking "MAIL FROM: [EMAIL PROTECTED]"
when really 1,000,000 spam msgs are being spewed out of .cn or .kr or
.tw. Guess who gets the bounces??
Spoofing ip's is when the sender says he is sending packets from an
ip when he is actually from another ip. Imail says "it's from one of
my "relay for addresses", so Imail relays the spam. Your Imail has
been hijacked by spammer using spoofed ip's. We actually had a guy
in the Imail list a few months ago with this pb. He was being
hijacked, we said "relay for addresses", stop/start imail, but he
came back saying he was still being hijacked, because the spammer had
spoofed ip and the guy's router wasn't set up (and he didn't know how
to do it).
At the gateway/border router, simplistically with just two
interfaces, "outside" is the WAN link, and "inside" is chez vous with
its various public ip blocks. So any packets coming from the outside
interface saying they are from your ip blocks are spoofed, since this
isn't possible. A pseudo-rule for packet filtering would be:

    drop in on <if_outside_wan> from <my_networks> to <any>

iow, drop/block/discard any inbound packet arriving on the outside
interface with a from_ip_addr of my_networks to any inside ip. iow,
if any packet arrives inbound on my outside interface saying its
from_addr is one of my_network addresses, it's spoofing, so block it.
btw, the same approach is used for
http://www.faqs.org/rfcs/rfc1918.html addresses, none of which
should ever be allowed from the outside to the inside, or from inside
to the outside, ie, these are private network, "non-routable" addresses.
If your router doesn't have packet filtering, try to add that option
or grab a P200 with two ethernet boards and use FreeBSD with stateful
ipfilter or Linux with ipchains (I think Linux recently obtained a
stateful filter but I can't remember the name) to build your own
packet filtering router. It's not that hard and with logging, you
can get a feel for the volume of crap that's coming over the transom these days.
Len
http://BIND8NT.MEIway.com: ISC BIND 8.2.2 p5 installable binary for NT4
http://IMGate.MEIway.com: Build free, hi-perf, anti-spam mail gateways