Matan Peled said the following:

William Kenworthy wrote:

Can anyone comment whether IP spoofing (for hiding country of origin) is
common?  Seems quite unlikely - at least at the current state of things.
Is it even possible to tell (at the firewall interface?)

BillK


I think that hiding country of origin by IP spoofing is quite useless, at
least on the Internet (it might work on a single subnet, or if you pretend to be
another IP in your subnet, and then switches complicate it as well...)


I think it depends on your purpose. It is easy to get around, but blocking whole ranges based on country could help cut down on the vulnerability scans that can be so annoying. Our country does no business with China, yet various subnets are frequently scanned from addresses originating there. Blocking those ranges would cause most of them to move on. It is likely that you already block whole invalid subnets in your firewall rules anyway.
--
[email protected] mailing list