Mailinglist Archive: opensuse-security (670 mails)
Re: [suse-security] Excotic Firewall Police
- From: Boris Lorenz <bolo@xxxxxxx>
- Date: Mon, 26 Nov 2001 13:40:16 +0100 (CET)
- Message-id: <XFMail.011126134016.bolo@xxxxxxx>
Yup,
On 23-Nov-01 jon wrote:
> On Fri, Nov 23, 2001 at 05:09:50PM +0100, Praise wrote:
>
>> At 16:55, Friday 23 November 2001, spiekey wrote:
>> > Hello All!
>> > What would be the advantage or disadvantage of this idea:
>> >
>> > Why not forward the packets, which will be dropped usually, and forward it
>> > to the source address?
>> > Forward except of dropping.
[...]
>> What if he has got more bandwidth than you?
>
> How about something like LaBrea, instead of directly 'hitting back'?
>
> http://www.hackbusters.net/LaBrea/
>
> -j
Basically, LaBrea is a white hat implementation of ARP spoofing, with some
interesting enhanced features.
But it's NOT RECOMMENDED to use LaBrea if you are not fully aware of the
problems around (D)DoS attacks, SYN floods, Smurf attacks, and bandwidth
calculation. Out of the box, LaBrea fills up a 256K uplink very quickly if
triggered by a relatively broad network scan, thus even legit traffic is locked
out.
Oh, and I think Ralf Koch is quite right. Although it often helps to broaden
your understanding of anti-cracker skills by setting up honeypots or
active/passive retaliation systems (if your time allows), such techniques are of
minor use in reality, and may cause problems if configured incorrectly.
Don't attack the attacker. Don't descend to their level.
Boris Lorenz <bolo@xxxxxxx>