On Wed, 24 Jan 2007, Mark Martinec wrote:

> myself writes:
>> which may pose a small risk of DoS. Such an attack is only
>> possible from within your own networks, as a firewall or
>> a router should already be discarding packets with your
>> own network address coming from outside.
>
> Actually I'll be adding one more obstacle, just in case:
>
> - p0f-analyzer.pl will no longer reply to queries coming from low-numbered
>   UDP ports below 1024 or to nfsd port 2049, to limit its usefulness as
>   a DoS reflector for an attacker from internal networks.
You mean like:

--- p0f-analyzer.pl.orig	2007-01-24 15:06:53.585900184 -0800
+++ p0f-analyzer.pl	2007-01-24 15:06:24.257358800 -0800
@@ -104,6 +104,9 @@
 } elsif (!grep {$_ eq $clientaddr} @inet_acl) {
 printf STDERR ("query from non-approved client: %s\n", $clientaddr) if $debug;
+ } elsif (!($port > 1024)) {
+ printf STDERR ("query from DoS reflector port: %s\n",
+ $port) if $debug;
 } elsif ($inbuf !~ /^(\d+\.\d+\.\d+\.\d+) ([^ ]*)$/) {
 printf STDERR ("invalid query syntax from %s\n", $clientaddr) if $debug;

:)

Vincent
http://bl0g.blogdns.com

_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ: http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos: http://www.amavis.org/howto/
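Review bot: the condition `!($port > 1024)` in the added `elsif` branch does not match the policy Mark described: it rejects port 1024 as well (the stated cut-off is ports below 1024), and it lets nfsd's port 2049 through. `} elsif ($port < 1024 || $port == 2049) {` expresses the described rule directly. Note also that `$port` is not assigned anywhere in the visible context, so it must be extracted from the peer's sockaddr alongside `$clientaddr` before this chain is evaluated, otherwise the comparison runs against an undefined value and every query is rejected. Including `$clientaddr` in the "query from DoS reflector port" message, as the neighbouring branches do, would make rejected queries traceable to their source in the debug log.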