> Has anyone come up with filters for the "land" attack?
I know that "tear" uses UDP packets, what does "land" use?
Anyway, if you just want to protect certain machines you can block UDP
packet traffic to those machines at the router (just watch out for
RADIUS's UDP packets though).
The IP spoofing filters will work for outgoing if the person tries to
spoof a bogus IP, like 1.1.1.1. But it won't help if they try to
conceal their identity by spoofing from another dialup that is on the same
network and hence not caught by the filter.
Luckily none of my system machines are effected by land or tear (long live
Solaris!).
Just my thoughts,
James
Expessway Internet Services
-
To unsubscribe, email 'majordomo@livingston.com' with
'unsubscribe portmaster-users' in the body of the message.