BayLISA - July 15, 2004 - Mark Langston's Through a Sniffer Darkly
Mark C. Langston
mark at bitshift.org
Wed Jul 21 16:12:12 PDT 2004
>
> There are numerous ways one could (and in some cases should) block outbound
> packets generated by Mark's software:
> 1. A reasonable sysadmin must block outbound packets that are not actually
> coming from its own IP address space;
> 2. A reasonable sysadmin should, if they're concerned about security, do
> internal filtering to ensure people can't IP-spoof across internal
> networks;
Agreed wholeheartedly. In fact, one of the things I usually do when I
describe/present this code is say, "Now, see? If you'd do some
source-address spoof-prevention, you wouldn't have this problem!"
What I generally don't point out (because it should be fairly obvious)
is that source-address filtering at the firewall and router solves a
host of other problems as well, all generally associated with various
types of malware.
--
Mark C. Langston GOSSiP Project Sr. Unix SysAdmin
mark at bitshift.org http://sufficiently-advanced.net mark at seti.org
Systems & Network Admin Distributed SETI Institute
http://bitshift.org P2P Antispam http://www.seti.org
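An added example, not part of the original post or of Mark's software: the two filtering checks from the quoted list applied to constructed packets. It shows that a source address borrowed from another internal segment passes the border egress check and is caught only by per-segment filtering. The prefixes and interface names are assumptions (documentation address ranges).

```python
import ipaddress

# Constructed topology using documentation prefixes (assumptions, not from the post).
SITE_PREFIXES = [ipaddress.ip_network(p) for p in ("192.0.2.0/24", "198.51.100.0/24")]
IFACE_PREFIX = {
    "vlan10": ipaddress.ip_network("192.0.2.0/25"),
    "vlan20": ipaddress.ip_network("192.0.2.128/25"),
    "dmz": ipaddress.ip_network("198.51.100.0/24"),
}


def border_egress_ok(src):
    """Item 1: at the border, only sources inside our own address space may leave."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in SITE_PREFIXES)


def internal_source_ok(iface, src):
    """Item 2: on an internal interface, the source must belong to that segment."""
    net = IFACE_PREFIX.get(iface)
    return net is not None and ipaddress.ip_address(src) in net


def verdict(iface, src):
    """Report which filtering layer(s) would drop the packet, if any."""
    if internal_source_ok(iface, src):
        return "forward"
    # The per-segment check failed; would the border filter alone have caught it?
    return "caught-by-internal-only" if border_egress_ok(src) else "caught-by-both"


# Constructed sample packets: (ingress interface, claimed source address)
SAMPLE = [
    ("vlan10", "192.0.2.10"),     # legitimate host on its own segment
    ("vlan10", "192.0.2.200"),    # claims an address that belongs to vlan20
    ("vlan20", "203.0.113.7"),    # claims an address outside the site entirely
    ("dmz", "198.51.100.25"),     # legitimate DMZ host
]


def run(sample=SAMPLE):
    return [(iface, src, verdict(iface, src)) for iface, src in sample]


if __name__ == "__main__":
    for iface, src, result in run():
        print(f"{iface:7} {src:15} {result}")
```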