crazy hackers and logwatch

Dan Hollis goemon at anime.net
Mon Aug 8 17:37:43 UTC 2005


On Mon, 8 Aug 2005, Nathan Grennan wrote:
> That sounds like auto-shunning, a term that Dan Kaminsky uses. You are
> basically allowing the cracker to add rules. Auto-shunning + IP Spoofing =
> Nastiness. They could, say, spoof your default gateway, root DNS servers,
> the DNS servers you use, etc. Then you automatically block those things
> that you need access to. They can also do this to you so that they can
> pretend to be you. They just get you to block the people that they want
> to appear to you to. The reverse is also possible. They get you to block
> your bank and then pretend to be your bank to phish you.

AFAIK no, this is not possible with denyhosts. The logs it looks for
require complete end-to-end TCP connections. Good luck spoofing a
complete end-to-end TCP connection on the modern internet (hint: source
routing has not worked for some 15 years now).

Another good one is pam_abl. And I'm afraid that one is immune to spoofing 
also.

-Dan
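
The distinction drawn in this reply, as an added example that is not part of the original thread and is not DenyHosts or pam_abl code: a shun list built only from sshd authentication failures, which are logged after a completed TCP handshake, with the gateway/DNS allowlist that answers the quoted concern. The log lines, addresses and the `shun_candidates` / `never_block` names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# sshd logs an authentication failure only after the TCP handshake completed,
# so the peer address answered our SYN-ACK. The user name is client-supplied
# text, so the address is taken from the END of the line (greedy ".*").
AUTH_FAIL = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?.*"
    r" from (?P<ip>\S+) port \d+(?: ssh\d)?\s*$"
)

# Constructed sample log (documentation address ranges).
SAMPLE_LOG = """\
Aug  8 17:30:01 host sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Aug  8 17:30:03 host sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Aug  8 17:30:05 host sshd[2104]: Failed password for invalid user x from 192.0.2.1 port 22 ssh2 from 203.0.113.7 port 40120 ssh2
Aug  8 17:30:06 host kernel: DROP IN=eth0 SRC=192.0.2.1 DST=192.0.2.10 PROTO=TCP DPT=22 SYN
Aug  8 17:31:00 host sshd[2110]: Failed password for bob from 198.51.100.9 port 51000 ssh2
Aug  8 17:32:01 host sshd[2120]: Failed password for bob from 192.0.2.53 port 51020 ssh2
Aug  8 17:32:03 host sshd[2120]: Failed password for bob from 192.0.2.53 port 51020 ssh2
Aug  8 17:32:05 host sshd[2120]: Failed password for bob from 192.0.2.53 port 51020 ssh2
"""

def shun_candidates(lines, threshold=3, never_block=()):
    """Addresses with >= threshold logged auth failures, minus the allowlist."""
    protected = [ipaddress.ip_network(n) for n in never_block]
    failures = Counter()
    for line in lines:
        m = AUTH_FAIL.search(line)
        if not m:
            continue  # e.g. packet-filter drops: source address is unverified
        try:
            failures[ipaddress.ip_address(m.group("ip"))] += 1
        except ValueError:
            continue  # not a literal address; ignore rather than guess
    return sorted(
        str(ip) for ip, count in failures.items()
        if count >= threshold and not any(ip in net for net in protected)
    )

if __name__ == "__main__":
    # 192.0.2.53 stands in for a resolver that must never be shunned.
    print(shun_candidates(SAMPLE_LOG.splitlines(), never_block=["192.0.2.53"]))
```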



