Re: Re[2]: [Full-disclosure] Personal firewalls.

From: Eliah Kagan <degeneracypressure@xxxxxxxxx>
Date: Fri, 20 Jan 2006 18:11:51 -0500

> Z sends spoofed packets coming from the DNS server of X even more
> interesting..

When Sygate PRO "blackholes" a host, does it block only unsolicited
packets (bad), or does it block *all* incoming packets from that host
(worse)?

-Eliah

On 1/20/06, Thierry Zoller <Thierry@xxxxxxxxx> wrote:
> Dear Eliah Kagan,
>
> EK> Then Z comes along and sends a
> EK> bunch of SYN packets to X, spoofed to have the source IP of Y, waits
> EK> 10 minutes, and repeats ad infinitum.
>
> Z sends spoofed packets coming from the DNS server of X even more
> interesting..
>
> --
> http://secdev.zoller.lu
> Thierry Zoller
> Fingerprint : 5D84 BFDC CD36 A951 2C45 2E57 28B3 75DD 0AC6 F1C7
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: Re[2]: [Full-disclosure] Personal firewalls.
  - From: Dude VanWinkle

References:
- [Full-disclosure] Personal firewalls.
  - From: Soderland, Craig
- Re: [Full-disclosure] Personal firewalls.
  - From: Eliah Kagan
- Re[2]: [Full-disclosure] Personal firewalls.
  - From: Thierry Zoller

Prev by Date: Re[2]: [Full-disclosure] Personal firewalls.
Next by Date: RE: Re[2]: [Full-disclosure] Personal firewalls.
Previous by thread: Re[2]: [Full-disclosure] Personal firewalls.
Next by thread: Re: Re[2]: [Full-disclosure] Personal firewalls.
Index(es):
- Date
- Thread

Relevant Pages

RE: SQL Slammer Variant?
... If you're pretty sure that the traffic is originating internally and is ... internal network shouldn't be sending spoofed packets. ...
(Incidents)
Re: Using Nmap to send Spoofed packets
... Using Nmap to send Spoofed packets ... IMHO if your firewall is set up properly you will be able to block all the scanning packets. ... > decoy packets or spoofed packets to test for" spoofed IP filtering (at the ...
(Security-Basics)
Re: [SLE] Martian source
... What's more strange, ... from a spoofed localhost address. ... SuSEfirewall is not logging those spoofed packets from localhost. ...
(SuSE)
Re: INET6 -- and why I dont use it
... When Marcus Ranum is one of those questioning its security, ... Unless you implement BCP 38 you won't prevent spoofed packets ... These statements are as true for IPv4 as they are for IPv6. ...
(freebsd-stable)
RE: spoofed packets to RFC 1918 addresses
... I don't know about you guys, but the RFC1918 probes we've seen have been widely sporadic, and never last for more than a few packets at a time. ... > Subject: Re: spoofed packets to RFC 1918 addresses ... Dirk Koopman wrote: ... >> class C on the internet side of that firewall. ...
(Incidents)