
Privacy ~ Security ~ Offshore


Spirit International Services Corporation, a Panama Corporation - Providing offshore services since 1999


State-of-the-Art Data Center


Anti-spoofing

Many network attacks rely on an attacker falsifying, or "spoofing," the source addresses of IP datagrams. Some attacks rely on spoofing to work at all, and other attacks are much harder to trace if the attacker can use somebody else's address instead of his or her own. Anti-spoofing measures have been adopted on our network's perimeter to prevent hosts on the Internet from assuming the addresses of our co-location servers.

There are at least three good reasons for doing anti-spoofing in both directions at our network perimeter:

  1. Internal users will be less tempted to try launching network attacks and less likely to succeed if they do try.
  2. Accidentally misconfigured internal hosts will be less likely to cause trouble for remote sites (and therefore less likely to generate angry telephone calls or damage our organization's reputation).
  3. Outside crackers often break into networks as launching pads for further attacks. These crackers may be less interested in a network with outgoing spoofing protection.

Controlling Directed Broadcasts

IP directed broadcasts are used in the extremely common and popular "smurf" denial of service attack, and can also be used in related attacks.

In a "smurf" attack, the attacker sends ICMP echo requests from a falsified source address to a directed broadcast address, causing all the hosts on the target subnet to send replies to the falsified source. By sending a continuous stream of such requests, the attacker can create a much larger stream of replies, which can completely inundate the host whose address is being falsified.

Our border router has been configured with the no ip directed-broadcast command, which drops directed broadcasts that would otherwise be "exploded" into link-layer broadcasts on a subnet.

IP Source Routing

The IP protocol supports source routing options that allow the sender of an IP datagram to control the route that datagram will take toward its ultimate destination, and generally the route that any reply will take. These options are rarely used for legitimate purposes in real networks. Some older IP implementations do not process source-routed packets properly, and it may be possible to crash machines running these implementations by sending them datagrams with source routing options.

Our border router has been configured with the no ip source-route command, so it will not forward any IP packet that carries a source routing option.
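
The three perimeter checks described above (anti-spoofing in both directions, directed broadcasts, and source routing options) can be modelled as one filter decision over an IPv4 header. This is an added example, not the provider's router configuration or code; the 192.0.2.0/24 subnet, the function names and the sample headers are assumptions constructed for illustration.

```python
import ipaddress
import struct

# Assumption: 192.0.2.0/24 (a documentation range) stands in for the co-location subnet.
INTERNAL = [ipaddress.ip_network("192.0.2.0/24")]
SOURCE_ROUTE = {131: "LSRR", 137: "SSRR"}  # loose / strict source route option types (RFC 791)

def source_route_option(header: bytes):
    """Return 'LSRR' or 'SSRR' if present, 'malformed' on a bad option length, else None."""
    i, end = 20, (header[0] & 0x0F) * 4
    while i < end:
        kind = header[i]
        if kind == 0:                      # End of Option List
            return None
        if kind == 1:                      # No-Operation is a single byte
            i += 1
            continue
        if kind in SOURCE_ROUTE:
            return SOURCE_ROUTE[kind]
        if i + 1 >= end or header[i + 1] < 2 or i + header[i + 1] > end:
            return "malformed"             # fail closed on a bad length field
        i += header[i + 1]
    return None

def verdict(header: bytes, direction: str) -> str:
    """Decide what a perimeter filter does with a packet seen 'inbound' or 'outbound'."""
    if len(header) < 20 or header[0] >> 4 != 4 or not 20 <= (header[0] & 0x0F) * 4 <= len(header):
        return "drop: malformed header"
    src = ipaddress.ip_address(header[12:16])
    dst = ipaddress.ip_address(header[16:20])
    src_inside = any(src in net for net in INTERNAL)
    if direction == "inbound" and src_inside:
        return "drop: outside host claiming an internal source"
    if direction == "outbound" and not src_inside:
        return "drop: internal host claiming an external source"
    if any(dst == net.broadcast_address for net in INTERNAL):
        return "drop: directed broadcast"
    option = source_route_option(header)
    if option:
        return f"drop: {option} option"
    return "forward"

def build(src: str, dst: str, options: bytes = b"") -> bytes:
    """Constructed sample IPv4 header; the checksum is left at 0 because it is not checked."""
    options += b"\x00" * (-len(options) % 4)   # pad options to a 32-bit boundary
    fixed = struct.pack("!BBHHHBBH4s4s", 0x40 | (5 + len(options) // 4), 0, 20 + len(options),
                        0, 0, 64, 1, 0, ipaddress.ip_address(src).packed,
                        ipaddress.ip_address(dst).packed)
    return fixed + options
```

The spoofing checks run first, so a request aimed at the subnet broadcast address from an external source is reported as a directed broadcast rather than as a spoofed packet.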