On Thu, 7 Jul 2005, Alan Cox wrote: > On Iau, 2005-07-07 at 17:50, shogunx wrote: > > On Thu, 7 Jul 2005, Ryan McCain wrote: > > > > > Just make sure you DROP it and not REJECT it. > > > > I was thinking MIRROR it, sending back to the pit from whence it came. > > You don't know where it came from because the source maybe fake. > Mirroring it merely helps people hide attacks on other sites via yours.
Oh, I see. Someone forges headers to spoof the mirror into relaying nasty packets somewhere. A bit of logic in the middle of the subroutine could verify authenticity and if authentic, MIRROR, and if not authentic LOG or DROP. > > ---------------------------------------------------------------------- > For LINUX-390 subscribe / signoff / archive access instructions, > send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit > http://www.marist.edu/htbin/wlvindex?LINUX-390 > sleekfreak pirate broadcast http://sleekfreak.ath.cx:81/ ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390