At 09:26 AM 8/12/2002, you wrote:
>--On Monday, August 12, 2002 09:07:20 -0700 Paul Jacobs
><[EMAIL PROTECTED]> wrote:
>
>>Why is it that after Sun's new "TCP Hardening" patch and the 8+ new
>>services running on my box now that when you go to "Action Against
>>Detected Scans" and select "Log and Block" you get a message saying "if
>>you enable this option you will be open to DoS attacks"!?
>
>Because if someone scans your box using forged source addresses, you will be
>blocking the forged addresses, which just might happen to belong to your
>customers. If they forge the IPs to be those of the relatively few AOL
>proxies, for example, then the scan could cause you to block everyone from AOL.
>
>Frank
>
>--
>Frank Smith                     [EMAIL PROTECTED]
>Systems Administrator           Voice: 512-374-4673
>Hoover's Online                 Fax: 512-374-4501

If network admins would set up their network right this could not happen! A simple command in your Cisco-powered router config can stop forged addresses from getting to your box. That command would be "ip verify unicast reverse-path" (no quotes).

_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
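
Added example, not part of the original message or of any vendor's code: a simplified Python model of the strict reverse-path check that the command named in the reply turns on. The routing table, interface names, packets and the `allow_default` switch are constructed for illustration and are assumptions, not a reproduction of any router's exact behaviour.

```python
import ipaddress

# Constructed routing table: (prefix, interface the route points out of).
ROUTES = [
    ("192.0.2.0/24", "lan0"),      # our own server network
    ("198.51.100.0/24", "cust0"),  # a directly attached customer network
    ("0.0.0.0/0", "wan0"),         # default route to the upstream provider
]
FIB = [(ipaddress.ip_network(p), ifname) for p, ifname in ROUTES]


def best_route(src, allow_default=True):
    """Longest-prefix match for src; returns (network, interface) or None."""
    addr = ipaddress.ip_address(src)
    matches = [(net, ifname) for net, ifname in FIB
               if addr in net and (allow_default or net.prefixlen > 0)]
    return max(matches, key=lambda m: m[0].prefixlen, default=None)


def strict_rpf(src, in_if, allow_default=True):
    """Accept a packet only if the route back to its claimed source
    leaves through the interface the packet arrived on."""
    route = best_route(src, allow_default)
    if route is None:
        return False, "no route back to source"
    if route[1] != in_if:
        return False, f"return path is {route[1]}, arrived on {in_if}"
    return True, f"return path matches {in_if}"


# Constructed packets: (claimed source, arrival interface, description).
PACKETS = [
    ("198.51.100.7", "cust0", "customer using its own address"),
    ("203.0.113.9", "cust0", "customer network claiming an outside address"),
    ("192.0.2.10", "wan0", "upstream packet claiming our own LAN"),
    ("203.0.113.9", "wan0", "outside address arriving from upstream"),
]

if __name__ == "__main__":
    for src, in_if, note in PACKETS:
        ok, why = strict_rpf(src, in_if)
        print(f"{'PASS' if ok else 'DROP'} {src:>13} on {in_if:<5} {note}: {why}")
```

In this model the forged source is dropped on `cust0`, the interface next to the sender, while the same claimed address arriving on `wan0` passes whenever the default route is allowed to satisfy the check. The filter therefore has to sit on the network the forged packets leave from.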
