Re: Contribute to pf(4)
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: Contribute to pf(4)
- From: Dave Taira <bodhi_(_at_)_hagakure_(_dot_)_org>
- Date: Mon, 15 Jul 2002 23:05:10 -0700 (PDT)
On Tue, 16 Jul 2002, Dirk Rosler wrote:
> I fail to understand the concern addressed with blocking those unused
> networks. If you're vulnerable, you're vulnerable, irrespective of origin.
> All you do is reduce "from any" to "from any minus unused networks", but
> so what?
It isn't a question of vulnerable or not. It's a question of who you're
talking to. If the other end of the IP conversation is blatantly fake,
why bother spending any more time on it?
I have caller-ID, and anything that shows up as "unknown name" and/or
"unknown number", I ignore, because it's not worth my time to even start
a conversation with a telemarketer.
> Say you are running a vulnerable service reachable "from any minus unused
> networks", so the attacker has to be on a legit IP to attack? This seems
> bizarre as chances are almost 100% that he will be anyway.
>
> Anti-spoofing? Well, then the attacker will just spoof using a legit IP...
The availability of fake IDs doesn't prevent ID being required for liquor
sales.
> What is gained by blocking unused networks?
What's lost? I will grant, security gains aren't huge, but neither is the
cost.
[ Dave Taira <bodhi_(_at_)_hagakure_(_dot_)_org> 2002.07.15/23:05:11 PDT ]
[ Morlock for Hire ]
[ I hate to advocate drugs, alcohol, violence, or insanity to anyone, ]
[ but they've always worked for me. -- Hunter S. Thompson ]