Security Basics mailing list archives

RE: Traces


From: "Shawn Jackson" <sjackson () horizonusa com>
Date: Tue, 6 Jan 2004 10:43:13 -0800

-----Original Message-----
From: Fernando Gont [mailto:fernando () gont com ar] 
Sent: Tuesday, January 06, 2004 5:36 AM
To: Shawn Jackson; Meritt James; Iain () mta1 horizonusa com
Cc: Gerson Sampaio; security-basics () securityfocus com
Subject: RE: Traces

At 11:26 05/01/2004 -0800, Shawn Jackson wrote:

        Personally I think this would only be, slightly, useful when
automated and even then multiple sites off your network, backbone even,
have to be under attack. Additionally it has to be from one system, or
group of systems on the same netblock (CIDR or Subnet), which isn't too
likely in this day and age.

Do you mean they should be in the same netblock in order to be
practicable, or what?

        Well the traffic needs to be passing through the same router.
Which means it's going to be coming from a host behind that router. If
we have multiple hosts they need to be within the same route table for
that router (Subnet, CIDR Block, host, etc) or the traffic will be going
to another router. It doesn't matter if we have 1000 hosts just as long
as they are passing through the same router, and thus are known to that
router through its own routing tables and are most likely in the same
Subnet, CIDR Block. Now that's going to be extremely uncommon, but if
you have 1000 hosts hitting you at once from all different networks,
that's a chore. I'm talking more of an edge router than, say, a core
router.

        Besides a corporate network or controlled networking environment
I can't see this being too terribly useful. But then again this is
coming from the guy who wants to beat script-kiddies up with a clue bat.
Ending spoofing would be extremely useful, or at least finding out a way
to locate the attackers when spoofing is being employed. Does IPv6 solve
this issue? Personally I haven't had time to fully inspect the protocol.

Unfortunately, things like mobile-IP require hosts to "legally" spoof IP
addresses. This "spoofing" is required as there are problems in the
Internet architecture that have not been solved.

        All I have to say is, *AURG*.

I'm going to head to B&N sometime this week and see if they have that
book, has anyone read it, is it any good?

I've read both the first and second editions (I think there's a third 
edition by now).
It's interesting. You'll enjoy reading it.
(I've found some technical errors, and sometimes I got the feeling
that the authors get too excited, though)

        Just as long as it doesn't put me into a coma I'm good. I learn
more on the fly than I do out of a book or study materials but I like
reading them anyways.

Now let the Out-Of-Office and Undeliverable messages come, come to me!!

BTW, I sent an e-mail to the owner of the list, proposing to:

a) Change the Return-Path field so that it points to the mail robot. This
would free us from getting "undeliverable message" errors.
b) Change the Reply-To field so that it points to the list, rather than the
poster of the message. IMHO, replying only to the poster is the exception,
*not* the rule.

        Sounds good to me, about 500 Out-Of-Office notifications and
Undeliverable messages greeted me on Monday. It won't turn me off from
posting to the list, but personally I get enough mail as it is. I like
replying to the Poster and to the List; it's a politeness thing for me,
I'm responding to the poster, but sharing my opinion with the list.

Let's see what happens....  :-)

Best Regards,


--
Fernando Gont
e-mail: fernando () gont com ar || fgont () acm org


