On Iau, 2005-07-07 at 22:12, shogunx wrote: > Oh, I see. Someone forges headers to spoof the mirror into relaying nasty > packets somewhere. A bit of logic in the middle of the subroutine could > verify authenticity and if authentic, MIRROR, and if not authentic LOG > or DROP.
Verifying source is fairly hard except for internal network traffic. The more evil version of this is to find big networks configured for old style "respond to broadcast ping" behaviour. People then spoof packets to the broadcast address of that network with a fake source address of the victim, instant attack amplifier and most unpleasant. Alan ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390