Re: first successful (lab) spoof of a fully source port randomized server reported

"Ondřej Surý" <ondrej.sury@nic.cz> Fri, 08 August 2008 12:42 UTC

Message-ID: <e90946380808080535s3d29d4b5g16ed744df67a3123@mail.gmail.com>
Date: Fri, 08 Aug 2008 14:35:47 +0200
From: Ondřej Surý <ondrej.sury@nic.cz>
To: Jeroen Massar <jeroen@unfix.org>
Subject: Re: first successful (lab) spoof of a fully source port randomized server reported
Cc: sthaug@nethelp.no, namedroppers@ops.ietf.org

> /me reconfigures the 1M-node botnets to only send 100 packets/s per bot.

Hmm, and how do you spoof the source IP address together with not being blocked by
a per-source-IP limit filter?

Ondrej.
-- 
 Ondřej Surý
 technický ředitel/Chief Technical Officer
 -----------------------------------------
 CZ.NIC, z.s.p.o. -- .cz domain registry
 Americká 23,120 00 Praha 2,Czech Republic
 mailto:ondrej.sury@nic.cz http://nic.cz/
 sip:ondrej.sury@nic.cz tel:+420.222745110
 mob:+420.739013699 fax:+420.222745112
 -----------------------------------------