Protocol Encapsulation

jeremy at jeremy at
Tue Aug 7 00:34:06 EST 2001

On  6 Aug, Mark Hummel wrote:
> On Mon, 6 Aug 2001, Sam Couter wrote:
>> Mark Hummel <mhummel at> wrote:
>> > 
>> Ah, then you want packet filtering or TCP wrappers.
> Thanks, but I did know about TCP wrappers. Actually, Jeremy has suggested
> just relying on hosts.allow and hosts.deny. I think that would sufficient. 
> The only thing I was worried about was spoofing - a packet pretends to be
> from one of the trusted machines...

So you'd be looking for SSL enabled services.

Are your machines particularily juicy targets?  Spoofing limits the
attacker to very few actual attacks (since you can't open a session
while spoofing) so it's usually less of an issue, plus it has to be
targetted.  Someone had to go to the effort of finding out the clients
IPs to use to attack the server.

If I'm wrong please correct me, but I think you can only do stuff like
bounce attacks while spoofing.

I/O, I/O,
It's off to disk I go,
A bit or byte to read or write,
I/O, I/O, I/O...

More information about the linux mailing list