From: "Stephen Isard" <y8ju2p902@sneakemail.com>
To: netfilter@vger.kernel.org
Subject: Re: iptables rules for cups printer discovery
Date: Fri, 15 Aug 2008 11:38:22 -0400 (EDT) [thread overview]
Message-ID: <17319-84921@sneakemail.com> (raw)
In-Reply-To: <48A59EE8.8090709@riverviewtech.net>
On Fri, 15 Aug 2008, Grant Taylor wrote:
> If you are worried about someone else spoofing an IP in your recent list,
> look in to the --rttl option to have the recent list remember the TTL values
> of packets and require them to be the same. This way if some jerk off who is
> more hops away from you is trying to pretend to be you, his traffic will
> appear to be at a different TTL than yours. This is not fool proof, but it
> will sure help reduce the risk of exposure that you are referring to.
Thanks, Grant.
I don't think any spoofing is required. I had in mind someone who had
gained access to my local network (not simple, but not out of the
question) and who was essentially pretending to be a printer by sending
packets from his port 161 immediately following a cups broadcast. I'm
not worried about people without access to the local network because
they wouldn't see the broadcast that opens the "recent" time window.
Am I fussing over nothing here? Is it clear that much harm can be done
by getting upd packets through my firewall to arbitrary high numbered
ports? Denial of service is probably not a big issue because of the
short time window.
next prev parent reply other threads:[~2008-08-15 15:38 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-08-14 18:51 iptables rules for cups printer discovery Stephen Isard
2008-08-14 20:00 ` Jan Engelhardt
2008-08-14 20:23 ` Stephen Isard
2008-08-14 20:37 ` Jan Engelhardt
[not found] ` <11653-43715@sneakemail.com>
[not found] ` <alpine.LNX.1.10.0808141744490.18538@fbirervta.pbzchgretzou.qr>
2008-08-14 23:01 ` Stephen Isard
2008-08-15 1:35 ` Grant Taylor
2008-08-15 1:53 ` Jan Engelhardt
2008-08-15 2:00 ` Grant Taylor
2008-08-15 2:04 ` Jan Engelhardt
2008-08-15 2:14 ` Grant Taylor
2008-08-15 2:26 ` Jan Engelhardt
2008-08-15 13:10 ` Stephen Isard
2008-08-15 13:23 ` Jan Engelhardt
2008-08-15 14:17 ` Stephen Isard
2008-08-15 15:21 ` Grant Taylor
2008-08-15 15:38 ` Stephen Isard [this message]
2008-08-15 16:16 ` Grant Taylor
2008-08-15 16:28 ` Stephen Isard
2008-08-15 18:01 ` Grant Taylor
2008-08-15 15:16 ` Grant Taylor
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=17319-84921@sneakemail.com \
--to=y8ju2p902@sneakemail.com \
--cc=netfilter@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox