Fabian Wenk writes: > This Mail [1] arrived just over the Full-Disclosure mailinglist [2], > but should probably also be of interest to some people here.
> [1] > http://lists.grok.org.uk/pipermail/full-disclosure/2005-May/034342.html > [2] https://lists.grok.org.uk/mailman/listinfo/full-disclosure Yes, at least it should remind our community that ingress filtering is important. When I tried the "spoofer" test software from http://momo.lcs.mit.edu/spoofer/#software , I was shocked to see that I can spoof packets from my home broadband connection (and probably the 299'999 other broadband customers of that Swiss ISP can do so as well :-). Hopefully other Swiss ISPs do this better. I hate to say something in defense of NATs, but at least the problem is somewhat mitigated by the fact that many surfers (especially those with broadband connections) use NATs. They make address spoofing from compromised PCs ineffective. As for enterprise connections, I'm not sure. I assume most small enterprises use NATs as well. Large enterprises use firewalls, but if something behind the firewall does get infected, I'm not sure those firewalls would protect the outside world against spoofed packets (or any other kind of junk) from those machines. -- Simon. PS. SWITCH has ingress filters on all customer access interfaces, so compromised systems inside universities cannot used spoofed source addresses from outside the respective site's address space. _______________________________________________ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
