User: Password:
Subscribe / Log in / New account

DNS hacking: Blacklisting source IP address

DNS hacking: Blacklisting source IP address

Posted Aug 16, 2008 8:21 UTC (Sat) by dlang (subscriber, #313)
In reply to: DNS hacking: Blacklisting source IP address by giraffedata
Parent article: Details of the DNS flaw revealed

actually, there are large chunks of the Internet that do not check the source IP when routing
the packets.

and once you get a hop or so from the source (real or forged) this is nessasary becouse the
routers could be dealing with packets from just about anywhere.

in theory every company/personal router and every ISP border router (both to the customers and
to other ISPs) has such filters.

in practice relativly few of them do.

this is even true of the major international peering points. every year or so you hear of a
country that got knocked off the Internet due to mistakes that someone makes with BGP routing
configuration. these useually get detected and fixed within a short time and so don't make the
news, but every once in a while the outage lasts long enough to get attention.

I've been at the recieving end of enough forged attacks to know that it's definantly possible.

although I'll admit that with botnets getting as large as they are, forged packets are not
used as much as they used to be.

(Log in to post comments)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds