Re: IP Spoofing questions
From: Walter Roberson (roberson_at_ibd.nrc-cnrc.gc.ca)
Date: 03/08/04
- Next message: Bernard: "Re: New zombie fleet looking at webserver root pages??? Started Feb 10, ALL with browser string "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)""
- Previous message: Fuzzy Logic: "Re: anti-spam software for home use"
- In reply to: David Schlecht: "Re: IP Spoofing questions"
- Next in thread: jealous xmp: "Re: IP Spoofing questions"
- Reply: jealous xmp: "Re: IP Spoofing questions"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 8 Mar 2004 22:28:39 GMT
In article <5f16df6b.0403080915.fa8a603@posting.google.com>,
David Schlecht <dschl@earthlink.net> wrote:
:However, I still wonder if IP spoofing is possible with a good random
:sequence? Doesn't spoofing (blind spoofing) require correctly guessing
:the right sequence number?
There's a big gap between "difficult" and "impossible". If the site
allows indefinite number of trials on forming connections, then a
well-equipped attacker can keep trying and trying. Most "good random
sequences" are not in fact random, only pseudo-random.
:Also, your comments regarding the futility of reporting hack attempts
:if they're automated seems odd. If my host is hacked and being used to
:pursue futher break-ins, I would hope that someone would let me know.
:Hence, I would think that most hostmasters would appreciate being
:informed of the problem. Or -- is this just foolish thinking on my
:part?
Not meaning to be at all rude, but it's naive thinking on your part.
The number of reports that the comcast's and rr.com's get per day
can only be appreciated in scientific notation. If you aren't writing
to a small-time site with an otherwise good reputation, then chances
are you are just adding to the noise level.
My network is now targetted by more than 1 million connection attempts
per day, and we're not an "attractive nuisance". Do you realize how
long it takes just to -read- a million connection attempt records?
That's like 100 Mb per day. At the standard "5 characters per word",
and if you read at 1000 words per minute (rather on the high side, but
perhaps you learn to ignore parts of it), then that's 20,000 minutes
of reading, which is 13 8/9 days of solid reading -- per day of system
logs.
As UTexas Super Startrek used to say,
"Captain, in view of the alternatives, are you sure this is wise?"
-- Inevitably, someone will flame me about this .signature.
- Next message: Bernard: "Re: New zombie fleet looking at webserver root pages??? Started Feb 10, ALL with browser string "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)""
- Previous message: Fuzzy Logic: "Re: anti-spam software for home use"
- In reply to: David Schlecht: "Re: IP Spoofing questions"
- Next in thread: jealous xmp: "Re: IP Spoofing questions"
- Reply: jealous xmp: "Re: IP Spoofing questions"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
