Fabian Wenk writes:
> This Mail [1] arrived just over the Full-Disclosure mailing list [2],
> but should probably also be of interest to some people here.

>    [1] http://lists.grok.org.uk/pipermail/full-disclosure/2005-May/034342.html
>    [2] https://lists.grok.org.uk/mailman/listinfo/full-disclosure

Yes, at least it should remind our community that ingress filtering is
important.  When I tried the "spoofer" test software from
http://momo.lcs.mit.edu/spoofer/#software , I was shocked to see that
I can spoof packets from my home broadband connection (and probably
the 299'999 other broadband customers of that Swiss ISP can do so as
well :-).  Hopefully other Swiss ISPs do this better.

I hate to say something in defense of NATs, but at least the problem
is somewhat mitigated by the fact that many surfers (especially those
with broadband connections) use NATs.  They make address spoofing from
compromised PCs ineffective.

As for enterprise connections, I'm not sure.  I assume most small
enterprises use NATs as well.  Large enterprises use firewalls, but if
something behind the firewall does get infected, I'm not sure those
firewalls would protect the outside world against spoofed packets (or
any other kind of junk) from those machines.

PS. SWITCH has ingress filters on all customer access interfaces, so
    compromised systems inside universities cannot use spoofed source
    addresses from outside the respective site's address space.

swinog mailing list
