Security Basics mailing list archives
RE: Traces
From: "Shawn Jackson" <sjackson () horizonusa com>
Date: Tue, 6 Jan 2004 10:43:13 -0800
-----Original Message----- From: Fernando Gont [mailto:fernando () gont com ar] Sent: Tuesday, January 06, 2004 5:36 AM To: Shawn Jackson; Meritt James; Iain () mta1 horizonusa com Cc: Gerson Sampaio; security-basics () securityfocus com Subject: RE: Traces At 11:26 05/01/2004 -0800, Shawn Jackson wrote:
Personally I think this would only be, slightly, useful when automated and even then multiple sites off your network, backbone even, have to be under attack. Additionally it has to be from one system, or group of systems on the same netblock (CIDR or Subnet), which isn't too likely in this day-in-age.
Do you mean they should be in the same netblock in order to be practicable, or what?
Well the traffic needs to be passing through the same router. Which means it's going to be coming from a host behind that router. If we have multiple hosts they need to be within the same route table for that router (Subnet, CIDR Block, host, etc) or the traffic will be going to another router. It doesn't matter if we have 1000 hosts just as long as they are passing through the same router, and thus are known to that router through its own routing tables and are most likely in the same Subnet, CIDR Block. Now that's going to be extremely uncommon, but if you have 1000 hosts hitting you at once from all different networks, that's a chore. I talking of more of an edge router then say a core router.
Besides a corporate network or controlled networking
environment
I can't see this being too terribly useful. But then again this is coming from the guy who wants to beat script-kiddies up with a clue
bat.
Ending spoofing would be extremely useful, or at least finding out a
way
to locate the attackers when spoofing is being employed. Does IPv6
solve
this issue? Personally I haven't had time to fully inspect the
protocol.
Unfortunately, things like mobile-IP requires hosts to "legally" spoof
IP
addresses. This "spoofing" is required as there are problems in the Internet architecure that have not been solved.
All I have to say is, *AURG*.
I'm going to head to B&N sometime this week and see if they have that book, has anyone read it, is it any good?
I've read both the first and second editions (I think there's a third edition by now). It's interesting. You'll enjoy reading it. (I've found some technical errors, and sometimes I got the feeling
that >>the authours get too excited, though) Just as long as it doesn't put me into a coma I'm good. I learn more on the fly then I do out of a book or study materials but I like reading them anyways.
Now let the Out-Of-Office and Undeliverable messages come, come to me!!
BTW, I sent an e-mail to the owner of the list, proposing to:
a) Change the Return-Path field so that it points to the mail robot.
This
would free us from getting "undeliverable message" errors. b) Change the Reply-To field so that it points to the list, rather
than >>the
poster of the message. IMHO, replying only to the poster is the
exception,
*not* the rule.
Sounds good to me, about 500 Out-Of-Office notifications and Undeliverable messages greeted me on Monday. It won't turn me off from posting to the list, but personally I get enough mail as it is. I like replying to the Poster and to the List; it's a politeness thing for me, I'm responding to the poster, but sharing my opinion with the list. Let's see what happens.... :-) Best Regards, -- Fernando Gont e-mail: fernando () gont com ar || fgont () acm org ------------------------------------------------------------------------ --- Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any course! All of our class sizes are guaranteed to be 10 students or less. We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, and many other technical hands on courses. Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off any course! ------------------------------------------------------------------------ ---- --------------------------------------------------------------------------- Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any course! All of our class sizes are guaranteed to be 10 students or less. We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, and many other technical hands on courses. Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off any course! ----------------------------------------------------------------------------
Current thread:
- Re: Traces, (continued)
- Re: Traces Jimi Thompson (Jan 05)
- Re: Traces Meritt James (Jan 05)
- Re: Traces Fernando Gont (Jan 06)
- RE: Traces Fernando Gont (Jan 02)
- RE: Traces Shawn Jackson (Jan 02)
- RE: Traces Meidinger Chris (Jan 05)
- RE: Traces Fernando Gont (Jan 06)
- RE: Traces Shawn Jackson (Jan 05)
- Re: Traces Meritt James (Jan 05)
- RE: Traces Fernando Gont (Jan 06)
- RE: Traces Shawn Jackson (Jan 06)
- RE: Traces Fernando Gont (Jan 19)
- RE: Traces Shawn Jackson (Jan 19)