At 09:08 21-12-1999 -0600, you wrote:
>"Parker, Gary W" wrote:
>> Retaliation is not the proper response to attacks, real or perceived.
>> Remember that you propose to spoof the attacker's address in your response.
>> The attack itself could well have been made using a spoofed address, and you
>> will in effect be further victimizing someone who is already themselves a
>> victim.
>
>I'm not clear on what a port scan accomplishes with a spoofed address
>unless it is just to make you think you're being scanned from elsewhere.
>If you're being scanned from a spoofed address, then whoever is trying to
>find a vulnerability will never know the result, right?
>
Right. If the routing tables are all ok, the packets "should try" to reach
your internal network. But why lose time with spoofed addresses or with
scans using spoofed addresses? Why don't you just deny the entrance of
spoofed addresses in your most exterior router?
Nuno
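
The filter suggested in the reply above, denying spoofed sources on the outermost router, sketched as an added example that is not part of the original messages. The internal prefix 192.0.2.0/24 and the sample source addresses are constructed assumptions, and the logic is a model of the check rather than any router's configuration syntax.

```python
import ipaddress

# Assumption: the site's own address space (a documentation prefix, constructed).
INTERNAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]

# Source ranges that can never legitimately arrive from the Internet side.
IMPOSSIBLE_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]


def ingress_verdict(src, internal=INTERNAL_NETS):
    """Return (action, reason) for a packet seen on the outside interface."""
    try:
        addr = ipaddress.IPv4Address(src)
    except ipaddress.AddressValueError:
        return "deny", "unparseable source"
    # A packet arriving from outside cannot truthfully carry an inside source.
    for net in internal:
        if addr in net:
            return "deny", f"claims inside address {net}"
    # Private, loopback, link-local, multicast and reserved sources are not
    # routed on the public Internet, so they are forged or misconfigured.
    for net in IMPOSSIBLE_NETS:
        if addr in net:
            return "deny", f"non-routable source {net}"
    # Anything else is only plausible: a forged address belonging to some
    # third party passes here, which is why the source of a scan cannot be
    # treated as proof of who sent it.
    return "permit", "plausible external source"


def summarize(sources):
    """Map each constructed sample source to its verdict."""
    return {s: ingress_verdict(s)[0] for s in sources}


if __name__ == "__main__":
    # Constructed sample sources, as seen on the outside interface.
    samples = ["192.0.2.10", "10.1.2.3", "127.0.0.1", "198.51.100.7"]
    for src in samples:
        action, reason = ingress_verdict(src)
        print(f"{src:15} {action:6} {reason}")
```

A "permit" result means only that the source is not impossible; the filter cannot tell a genuine external sender from a forged third-party address.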