On Mon, 2002-02-11 at 21:56, Ben Lutgens wrote: > On Mon, 2002-02-11 at 21:34, Dave Sherman wrote: > > I already run snort (and have since day one), and it has logged lots of IP > > addresses and blocked them. > > snort doesn't "block" attackers. At least not without a 3d party module > that sets iptables(or ipchains) rules. Yes, you are correct of course. I forgot that I was also running Guardian :-) > And it _is_ possible to spoof > ones IP address. It's non-trivial, but can be done. It's a matter of > sending cutom built packets. It's used when attacking servers that are > configured to allow certain hosts access to certain IP addresses. I > don't know the details of such attacks, but I know it's possible. That would be interesting to see. How does a do packets destined for a server's own interface address ever leave the box to get to a spoofing system? Dave -- Beware the wrath of dragons, for you are crunchy, and good with ketchup. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 232 bytes Desc: This is a digitally signed message part Url : http://shadowknight.real-time.com/pipermail/tclug-list/attachments/20020212/1f168a80/attachment.pgp