RE: (PM) filter for land attach

Elric of Melnibone (elric@melnibone.org)
Sat, 22 Nov 1997 11:32:49 -0600

For the land attack this is true, and will always be true.

-----Original Message-----
From: Stephen Zedalis [SMTP:tintype@exis.net]
Sent: Saturday, November 22, 1997 8:09 AM
To: Jake Messinger
Cc: Russ Hughes; portmaster-users@livingston.com
Subject: Re: (PM) filter for land attach

On Fri, 21 Nov 1997, Jake Messinger wrote:

>On Fri, 21 Nov 1997, Russ Hughes wrote:

>> deny 192.168.1.1/32 192.168.1.1/32 <--- first assigned ip
>> ...
>> deny 192.168.1.30/32 192.168.1.30/32 <--- last assigned ip
>> permit 0.0.0.0/0 0.0.0.0/0

>is it that simple? What are you denying? Everything?

No, but he is making the simplistic assumption that in all attacks
the source address will match the destination address. This will only
work if this is true; put any other address for source and the attack
gets through.

This is a situation where the "pool" IP assignment makes filtering harder.
If you could put a filter on a port because you always knew that a port
would get a specific IP address if dynamic IP. And those users with
static IPs get a customized filter (ala choicenet?). It would then be
much easier to set up filters for this. As far as putting in wildcards
for the current port address, that would be an RFE.

-
To unsubscribe, email 'majordomo@livingston.com' with
'unsubscribe portmaster-users' in the body of the message.
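
Added example (not part of the original messages, and not PortMaster code): a small Python model of the quoted rule list, showing which address pairs it denies and which it lets through. It assumes first-match evaluation with an implicit deny, uses the thread's abbreviated rule notation rather than exact ComOS filter syntax, and the sample packets are constructed.

```python
import ipaddress

def build_land_filter(first_ip, last_ip):
    """One deny rule per assigned address (src == dst), then permit all."""
    first = ipaddress.IPv4Address(first_ip)
    last = ipaddress.IPv4Address(last_ip)
    rules = []
    for n in range(int(first), int(last) + 1):
        host = ipaddress.ip_network(f"{ipaddress.IPv4Address(n)}/32")
        rules.append(("deny", host, host))
    any_net = ipaddress.ip_network("0.0.0.0/0")
    rules.append(("permit", any_net, any_net))
    return rules

def evaluate(rules, src, dst):
    """First matching rule wins (assumption); implicit deny if none match."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules:
        if s in src_net and d in dst_net:
            return action
    return "deny"

def render(rules):
    """Rules in the abbreviated 'action src dst' form used in the thread."""
    return [f"{a} {s} {d}" for a, s, d in rules]

# Address range taken from the quoted filter.
RULES = build_land_filter("192.168.1.1", "192.168.1.30")

# Constructed sample packets as (source, destination) pairs.
SAMPLES = [
    ("192.168.1.7", "192.168.1.7"),    # src == dst, inside the listed range
    ("192.168.1.8", "192.168.1.7"),    # source differs from destination
    ("10.0.0.5", "192.168.1.7"),       # ordinary inbound traffic
    ("192.168.1.31", "192.168.1.31"),  # src == dst, outside the listed range
]

def verdicts():
    return [(s, d, evaluate(RULES, s, d)) for s, d in SAMPLES]

if __name__ == "__main__":
    listing = render(RULES)
    for line in listing[:2] + ["..."] + listing[-2:]:
        print(line)
    for s, d, v in verdicts():
        print(f"{s:>15} -> {d:<15} {v}")
```

The last sample shows the maintenance cost raised in the thread: any assigned address missing from the per-host list falls through to the final permit.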
