Re: [Hampshire] [OT] TalkTalk and low IP addresses

Author: Hugo Mills
Date:  
To: Hampshire LUG Discussion List
Subject: Re: [Hampshire] [OT] TalkTalk and low IP addresses

gpg: Signature made Tue May 18 20:39:01 2010 BST
gpg: using DSA key 20ACB3BE515C238D
gpg: Can't check signature: No public key
On Tue, May 18, 2010 at 08:32:02PM +0100, Dee Earley wrote:
> On 18/05/2010 14:51, Andy Smith wrote:
> > Hi Chris,
> >
> > On Tue, May 18, 2010 at 01:50:12PM +0100, Chris Dennis wrote:
> >> I've just been to a client who suddenly lost access to various websites
> >> including www.hants.gov.uk
> >>
> >> It turns out that TalkTalk have assigned to her router an IP address
> >> like 2.97.x.x, and that Hampshire County Council think that it's
> >> invalid.
> >
> > I come across this all the time. HCC are running what networky types
> > call a bogon filter. An outdated bogon filter is worse than no bogon
> > filter at all.
>
> Out of interest, is there much point in having one at all?
> Surely if they are unallocated, no one can really be using them and
> expect them to work?


This thought had crossed my mind, too. I suppose it's possible for
an attacker to fake the return IP address on outgoing packets so that
it's impossible to tell (after the first routing or so) where the
packets have come from. Of course, any returned packets won't be able
to get back to the source, as they can't be routed anywhere, so the
attacker doesn't get a conversation. I suppose a bogon filter could
stop some kinds of entirely anonymous DoS attacks, but someone could
still carry out that kind of attack using legitimate IP addresses (and
cause the backscatter actually to go somewhere).

For the vast majority of installations, I'd say it's pretty
pointless.

Hugo.

-- 
=== Hugo Mills: hugo@... carfax.org.uk | darksatanic.net | lug.org.uk ===
  PGP key: 515C238D from wwwkeys.eu.pgp.net or http://www.carfax.org.uk
     --- Once is happenstance; twice is coincidence; three times ---     
                            is enemy action.
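
An audit of a static bogon list against allocated address space, added here as an example and not part of the original message: it finds the stale entries that cause the breakage described in the thread and subtracts them from the list. The ACL, the allocated list and the sample address 2.97.0.1 are constructed; 2.0.0.0/8 is assumed allocated because the thread has an ISP assigning 2.97.x.x.

```python
import ipaddress

# Constructed sample: a static "drop these source prefixes" list of the kind
# the thread describes. Not taken from any real device.
STATIC_ACL = ["0.0.0.0/8", "2.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8",
              "172.16.0.0/12", "192.168.0.0/16"]

# Constructed stand-in for a registry's list of allocated blocks (assumption:
# 2.0.0.0/8 is allocated, since the thread has an ISP assigning 2.97.x.x).
ALLOCATED = ["2.0.0.0/8"]


def _nets(prefixes):
    return [ipaddress.ip_network(p) for p in prefixes]


def stale_entries(acl, allocated):
    """Return ACL prefixes that overlap address space that is now allocated."""
    alloc = _nets(allocated)
    return [str(n) for n in _nets(acl) if any(n.overlaps(a) for a in alloc)]


def blocking_prefix(source, acl):
    """Return the most specific ACL prefix that drops `source`, or None."""
    addr = ipaddress.ip_address(source)
    hits = [n for n in _nets(acl) if addr in n]
    return str(max(hits, key=lambda n: n.prefixlen)) if hits else None


def refreshed(acl, allocated):
    """Subtract allocated space from the ACL, splitting wider prefixes."""
    remaining = _nets(acl)
    for a in _nets(allocated):
        kept = []
        for n in remaining:
            if not n.overlaps(a):
                kept.append(n)
            elif a != n and a.subnet_of(n):
                kept.extend(n.address_exclude(a))  # keep the rest of n
            # otherwise n lies wholly inside allocated space: drop it
        remaining = kept
    return [str(n) for n in sorted(remaining)]


if __name__ == "__main__":
    print("stale:", stale_entries(STATIC_ACL, ALLOCATED))
    print("2.97.0.1 dropped by:", blocking_prefix("2.97.0.1", STATIC_ACL))
    print("after refresh:", blocking_prefix("2.97.0.1", refreshed(STATIC_ACL, ALLOCATED)))
```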