>>> NetBIOS is UDP-based, and therefore trivial to spoof.  I wonder how
>>> long it takes before someone tricks you into blackholing your DNS
>>> server or default gateway?

>> Neither of your examples makes sense anyway, since my DNS server is
>> on the house LAN and therefore already blocked anyway - [...] - and
>> blocking my default gateway's address would affect nothing but
>> traffic *from* the gateway machine; it wouldn't touch traffic
>> *through* it.

> If you run similar filtering on your DNS box, it seems possible to
> send packets purporting to be from one of the root DNS servers.

(Well, I don't run filtering *on* the DNS machine, but it is behind the
filtering done by my border router.)

Yes, it is.  It may even have happened.  It's possible that the
automated code has been tricked into listing one or more of the root
servers.  If so, I haven't noticed, so it hasn't been a practical
problem; if it turns into one, I may have to take some kind of action,
such as adding them to the auto-delist test.

> Filtering these packets seems a little over the top---if your network
> is immune why not just ignore them?

(a) belt-and-suspenders; (b) it keeps a significant amount of clutter
out of my logs.  (I know the latter because I have a dialup backup
netlink, and the machine it's on gets a good deal of clutter in its
logs because that netlink is not behind the auto-blocking.  The best
example at the moment is whatever ssh-attacking malware is sending
malformed disconnect messages; it never touches anything behind the
auto-blocks.  Oh, come to think of it, (c) it keeps the attacks from
wasting resources while they fail, such as ssh connections doing kex
eating cpu cycles.)

I'm not so deluded as to think that the setup I now have would
withstand a serious targeted attack by someone competent.  It's
intended to keep the doorknob-twisters from thinking there's anything
worth their while.  (There isn't, but they can be somewhat annoying
while they hammer on me looking for something that isn't there.)

/~\ The ASCII                           der Mouse
\ / Ribbon Campaign
 X  Against HTML               [EMAIL PROTECTED]
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
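
Added example, not part of the original message and not der Mouse's actual setup: a sketch of the safeguard this thread argues over, an auto-blocker that never acts on probes claiming to come from protected addresses and that can re-check its list against them (the "auto-delist test" idea). The class, its method names, the TTL values and every address (RFC 5737 documentation ranges) are assumptions.

```python
import ipaddress

# Constructed sample values (RFC 5737 documentation ranges), standing in for
# a resolver, a default gateway and a block of upstream DNS servers.
NEVER_BLOCK = ("192.0.2.53/32", "192.0.2.1/32", "198.51.100.0/28")


class AutoBlocker:
    """Hypothetical auto-blocker: blocks probe sources, except protected ones."""

    def __init__(self, never_block=NEVER_BLOCK, udp_ttl=3600, tcp_ttl=86400):
        self.never_block = [ipaddress.ip_network(n) for n in never_block]
        self.ttl = {"udp": udp_ttl, "tcp": tcp_ttl}
        self.blocked = {}            # address -> expiry time (seconds)
        self.suspected_spoofs = []   # protected addresses seen as probe sources

    def _protected(self, addr):
        return any(addr in net for net in self.never_block)

    def observe(self, src, proto, now):
        """Handle one probe packet; return the action taken."""
        addr = ipaddress.ip_address(src)
        if self._protected(addr):
            # A probe "from" critical infrastructure is more likely forged
            # than real: log it for a human, never act on it automatically.
            self.suspected_spoofs.append((now, src, proto))
            return "ignored-protected"
        # A UDP source address is unverified, so its block expires sooner
        # than one for "tcp" (assumed here to mean a completed handshake).
        self.blocked[addr] = now + self.ttl[proto]
        return "blocked"

    def is_blocked(self, src, now):
        addr = ipaddress.ip_address(src)
        expiry = self.blocked.get(addr)
        if expiry is not None and expiry <= now:
            del self.blocked[addr]   # expired entries fall off by themselves
            expiry = None
        return expiry is not None

    def delist_protected(self):
        """Auto-delist pass: drop entries that predate a never-block update."""
        stale = [a for a in self.blocked if self._protected(a)]
        for addr in stale:
            del self.blocked[addr]
        return [str(a) for a in stale]
```

Entries in `suspected_spoofs` are the signal that someone is forging sources to provoke a block, which is the case raised at the top of the thread.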
