Date: 01/30/01

Date: Tue, 30 Jan 2001 03:00:42 EST

In a message dated 1/28/01 12:43:34 PM Pacific Standard Time,

> > On Sun, 28 Jan 2001, Chris wrote:
> > > > Another thing to point out though is if a hacker were to spoof his address
> > > > and do a port scan, what would be the point? The data is useless if it can't
> > > > get back to the individual.
> > >
> > > One word, DoS.
> Well, two words... one of which is DoS. Another, which I find fun, and
> also doesn't matter if your ISP does egress filtering is to make a scan
> look like it came from your whole subnet. I'm sure that even if my DSL
> provider was making sure all the leaving traffic came from its network it
> would still be tough to catch. Or, and this is rare these days, is if you
> are on an unswitched subnet or could somehow view traffic in flight you
> can always make the scan look like it came from the guy next door and just
> sniff the replies as they come back.
> I know my DSL is unfiltered on its way out, so if I'm doing an audit from
> home for any reason I always mix in as a decoy -- just in case
> it hits something amusingly misconfigured, like a portsentry-type package
> with a glaring misconfiguration.
> -tcannon

That's why is in the ignore file. Reminds me of a phrase I heard
somewhere...One false packet and I'll knock you off the net....Or something
like that.


