Protocol Encapsulation
Mark Hummel
mhummel at pcug.org.au
Thu Aug 9 00:19:56 EST 2001
On Wed, 8 Aug 2001, Sam Couter wrote:
> Mark Hummel <mhummel at pcug.org.au> wrote:
> >
> Spoofing is very difficult for real-life attacks for anything other than a
> DoS type attack (think distributed ping). It's nearly impossible for TCP,
> unless the attacker is on the network path between your server and the
> spoofed IP address.
>
> As Jeremy said, you can avoid these attacks by using SSL with client
> certificates. It's probably not worth the effort.
Yes, I think you are correct here. The risk does not offset the effort
involved. My machines aren't particularly juicy targets, no. In any case,
I've found a more simpler solution (involving the physical arrangement
rather than a software solution - I've just reassigned the jobs that I had
planned machines would do. This decision has resulted in me requiring to
run less services. )
So, Thanks for your help Sam and Jeremy.
Mark.
More information about the linux
mailing list