[Dshield] Is it true that Linux users do not fear Viruses and Trojans (+ some vital questions)

Jens Knoell jens at ing.twinwave.net
Sun Oct 13 04:13:13 GMT 2002


Manuel Lanctot wrote:
> On Friday 11 October 2002 05:14 pm, Jens Knoell wrote:
>
>> Except that this in itself leaves you open for a DoS attack. Imagine
>> someone sending you forged "attack" packets which appear to come
>> from, say, the root nameservers and any local nameservers that might
>> serve your connection... poof, connection gone. Works like a charm
>> against many many firewall+ids combos out there.
>
> Sure, I'm not saying that I'm invulnerable to DoS or DDoS (who is?)
> but in this particular case, it's all about making the good rules. My
> nameservers can't be blocked easily by iptables but that doesn't stop
> IP spoofing anyway. Losing my connection is much less important than
> losing root.

Very true. My reference was more targeted to production servers though. To
take down a server often requires a big DDoS network - unless there is an
IDS/Firewall combo in front of it, and many of them are badly configured...
thus the easy way to DoS them is to send a spoofed packet every now and
then. Even with minimal bandwidth, you can pretty much disable the server
easily.

In reference to the original question, this means (for me anyway) that one
has to be really careful about what security tools to use and how to use them.

Jens
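
One way to keep an auto-blocking IDS/firewall combo from being turned against its own host by forged packets, as described in the message above. This is an added example, not part of the original post; the alert fields, the addresses (documentation ranges) and the TTL are constructed assumptions, and it treats only a completed TCP handshake as evidence that the source address is genuine.

```python
import ipaddress

# Constructed placeholder values (documentation ranges), not from the post.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "192.0.2.53/32",      # local resolver
    "198.51.100.0/24",    # upstream nameservers
)]
BLOCK_TTL = 600  # seconds; blocks expire instead of lasting forever


def decide(alert, blocks, now):
    """Return 'block', 'log-only' or 'already-blocked' for one IDS alert.

    alert:  {'src': str, 'proto': 'tcp'|'udp'|'icmp', 'established': bool}
    blocks: dict of ip_address -> expiry time, updated in place
    """
    src = ipaddress.ip_address(alert["src"])
    for ip in [ip for ip, expiry in blocks.items() if expiry <= now]:
        del blocks[ip]                      # drop expired blocks
    if any(src in net for net in NEVER_BLOCK):
        return "log-only"                   # never cut off name resolution
    if not (alert["proto"] == "tcp" and alert["established"]):
        return "log-only"                   # source address may be forged
    if src in blocks:
        return "already-blocked"
    blocks[src] = now + BLOCK_TTL
    return "block"


def replay(alerts):
    """Run (time, alert) pairs through decide() and return the decisions."""
    blocks = {}
    return [decide(alert, blocks, now) for now, alert in alerts]


# Constructed sample alerts: (seconds since start, alert)
SAMPLE = [
    (0,   {"src": "198.51.100.7", "proto": "udp", "established": False}),
    (1,   {"src": "203.0.113.9",  "proto": "udp", "established": False}),
    (2,   {"src": "203.0.113.9",  "proto": "tcp", "established": True}),
    (3,   {"src": "203.0.113.9",  "proto": "tcp", "established": True}),
    (700, {"src": "203.0.113.9",  "proto": "tcp", "established": True}),
]

if __name__ == "__main__":
    for (now, alert), verdict in zip(SAMPLE, replay(SAMPLE)):
        print(now, alert["src"], alert["proto"], verdict)
```
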



