
Re: Why does Debian allow all incoming traffic by default




On 22/09/2018 at 22:16, Stefan Monnier wrote:
[...]
The benefit is that one cannot pinpoint the real attacker, of course.
Isn't the same benefit provided by just forging the source address?
If all the routers in the path play along... but then, they are all
broken.

This condition must also be true in Reco's scenario to send the forged packets to the reflectors.

There's also the fact that all those RST packets can come from all over
the place and they come from where they say they come.

How can the target tell the difference? It will receive all packets from its internet router anyway.

So they're a lot more difficult to block, compared to packets with
a forged source address all coming from the same IP.

"packets with a forged source address all coming from the same IP" does not make any sense. Packets do not "come from an IP", they just have a (possibly forged) source address wherever they come from.