Eric Johnson <[EMAIL PROTECTED]> said ...
> "Parker, Gary W" wrote:
> > Retaliation is not the proper response to attacks, real or perceived.
> > Remember that you propose to spoof the attacker's address in your
response.
> > The attack itself could well have been made using a spoofed address, and
you
> > will in effect be further victimizing someone who is already themselves
a
> > victim.
>
> I'm not clear on what a port scan accomplishes with a spoofed address
> unless it is just to make you think you're being scanned from elsewhere.
> If you're being scanned from a spoofed address, then whoever is trying to
> find a vulnerability will never know the result, right?
>
One attack like this was reported at
http://www2.merton.ox.ac.uk/~security/archive-199806/0233.html
Possible reasons someone might do this would be to hide the logging of a
lower octane attack within reams of logging for the scan. Another reason is
to cause a legitimate resource to be blocked. If a few major ISP's block an
e-commerce site (see Apple.com article referenced above), it could result in
significant lost revenue.
-GWP
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
