Force all DNS requests to go to the local recursive server. Set up a fake authoritative zone for ".xxx" that has a wildcard entry, which is pointed to your local "banned" page.
And as far as visiting websites by IP address goes, there's an overabundance of sites using virtual hosting these days. You'd more than likely need to stick something in your hosts file as well.
I don't know why it took so long for someone to at least hint at the problems behind this exploit. Slashdot is truly full of morons.
"Doesn't almost every ISP filter outgoing packets for a bit of sanity"
Yes, many of them do. Many of them also prevent spoofing from netblocks that aren't registered in their routing tables. Not to mention that most people who are behind NATs will not be in a 'demilitarized' zone and cannot receive arbitrary packets. However, for those that are, you still need to take it upon yourself to initiate NAT disclosure in order to get their LAN IP - which is sometimes trivial with certain home 'routers.'
But.. Trust me:
Most ISPs are safe from IP spoofing these days, HOWEVER, you can usually spoof from your /24 or whatever, since they only use a routing table look-up to verify the reverse path. This means that with IP-based restrictions, I am still able to spam if I do a little ARP spoofing + IP spoofing, which is possible on many networks today. With SASL or similar, I'd still have to find another password. Plus, there are the advantages that a poster below noted, where the ISP can easily shut down individual accounts (dynamic IPs, anyone?) and even give an error as to why it was shut down.
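The filtering gap described in the comment above, as an added example that is not part of the original post: a strict reverse-path check compared with a per-port address binding check. The routes, interface names, port names and addresses are constructed for illustration, and the binding table is an assumption standing in for whatever per-subscriber control an access network uses.

```python
import ipaddress

# Constructed data: routes on a hypothetical ISP access router, and a
# per-port address binding table (assumed, e.g. learned from DHCP leases).
ROUTES = [("198.51.100.0/24", "vlan10"),
          ("203.0.113.0/24", "vlan20"),
          ("0.0.0.0/0", "upstream")]
BINDINGS = {"port3": "198.51.100.23", "port4": "198.51.100.77"}

def route_iface(src):
    """Longest-prefix match: interface the router would use to reach src."""
    ip = ipaddress.ip_address(src)
    best_len, best_iface = -1, None
    for prefix, iface in ROUTES:
        net = ipaddress.ip_network(prefix)
        if ip in net and net.prefixlen > best_len:
            best_len, best_iface = net.prefixlen, iface
    return best_iface

def rpf_accepts(src, in_iface):
    """Strict reverse-path check: the route back to src must leave through
    the interface the packet arrived on. Granularity is the whole prefix."""
    return route_iface(src) == in_iface

def binding_accepts(src, port):
    """Per-port check: src must be the one address bound to that port."""
    return BINDINGS.get(port) == src

def verdict(claimed_src, in_iface, port):
    """Return (passes reverse-path check, passes per-port binding check)."""
    return rpf_accepts(claimed_src, in_iface), binding_accepts(claimed_src, port)

if __name__ == "__main__":
    # Constructed packets, all sent by the subscriber on port3 / vlan10.
    for label, src in [("own address", "198.51.100.23"),
                       ("neighbour in same /24", "198.51.100.77"),
                       ("other customer prefix", "203.0.113.5"),
                       ("off-net address", "192.0.2.1")]:
        print(f"{label:24} {src:15} rpf, binding = {verdict(src, 'vlan10', 'port3')}")
```

The neighbour's address passes the route-based check because the lookup only resolves to the /24, which is why an allow-list keyed on source IP cannot tell two subscribers on that segment apart, while a per-port binding or per-user authentication can.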
"Like I could really kill 100 people in a mall with only a 2-1/2 inch blade and a pair of pliers."
All the terrorists needed was three Saudis and a box cutter to scare off a 747 full.
Re:Who didn't see this coming? on SCO DOS'ed · Score: 1
genius, 100Mbps is not a lot at all. and let me assure you, no INDIVIDUAL EFnet server was brought down by a mere 20Mbps (save UMN, CMU and a couple other flaky oldschool servers), let alone the whole net. what happened a year and a half ago was naptime taking out frontiernet, basically the biggest hub instead of Concentric at the time, and I can assure you E-frontiernet had a 155Mbps connection and W-frontiernet had a couple of them. it's not that easy to DoS EFNet.
ORLY??? :P
and I'm the one who is modded troll. pfft, 'grammer' boy.
pussy
It's actually Gates's.