Re: paranoia

From: Robert Watson (rwatson_at_FreeBSD.org)
Date: 02/17/05

  • Next message: Robert Watson: "Re: FreeBSD 5.3 hangs on high network load"
    Date: Thu, 17 Feb 2005 11:51:52 +0000 (GMT)
    To: Andrew Heyn <aheyn@jmsent.com>
    
    

    On Wed, 16 Feb 2005, Andrew Heyn wrote:

    > Here's an on/off topic question I've been wondering about forever...
    >
    > I always see people replace their IPs with fake replacements. Is this
    > paranoia really warranted? Why not disconnect the cat5 if you want to
    > do this?
    >
    > Or am I not seeing things the right way?

    People who "fake" IPs generally do so for purposes of anonymity or to
    prevent revealing information about their network infrastructure. Here
    are a few examples of situations where people look to conceal their IP
    addresses:

    - Firewalls and NATs perform address translation to conceal the internal
      layout of a network. This can make it substantially harder to
      effectively attack a network.

    - Spammers attempt to conceal their IP addresses so that they cannot be
      tracked back to a particular ISP.

    - Attackers using distributed denial of service attacks will conceal their
      IP addresses so they cannot be traced back to a particular end-host.

    - End-users seeking to send anonymous tips, etc, i.e., to the police,
      media, or others, will conceal their IP addresses to hide their
      identities.

    So there's quite a spectrum of interest in the topic :-). Sometimes this
    is done by spoofing IP addresses using raw sockets or BPF; other times, it
    is done through proxies, onion routing, and so on, which requires
    collaboration by other parties (witting or otherwise).

    Robert N M Watson

    _______________________________________________
    freebsd-net@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-net
    To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

