On Wed, Oct 03, 2007 at 08:46:22AM -0400, der Mouse wrote:
> On Wed, Oct 03, 2007 at 10:37:39AM +0200, Dag-Erling Smorgrav wrote:
> > NetBIOS is UDP-based, and therefore trivial to spoof.  I wonder how
> > long it takes before someone tricks you into blackholing your DNS
> > server or default gateway?
>
> Neither of your examples makes sense anyway, since my DNS server is on
> the house LAN and therefore already blocked anyway - incoming packets
> with source addresses on the house LAN are dropped by my border router
> as forgeries, independent of the dynamic blocking - and blocking my
> default gateway's address would affect nothing but traffic *from* the
> gateway machine; it wouldn't touch traffic *through* it.

If you run similar filtering on your DNS box, it seems possible to send
packets purporting to be from one of the root DNS servers.

Filtering these packets seems a little over the top---if your network is
immune why not just ignore them?


  Sam
_______________________________________________
timekeepers mailing list
[email protected]
https://fortytwo.ch/mailman/cgi-bin/listinfo/timekeepers
