Great Circle Associates Firewalls
(June 1994)
 


Subject: IP source-routing
From: paul @ hawksbill . sprintmrn . com (Paul Ferguson)
Date: Thu, 16 Jun 1994 12:23:48 -0500 (EST)
To: ted . doty @ nsco . network . com
Cc: firewalls @ greatcircle . com
In-reply-to: <Chameleon . 4 . 00 . 940616083109 . ted @ doty . network . com> from "ted . doty @ nsco . network . com" at Jun 16, 94 08:24:24 am

> 
> Why not just set up the router between the Internet and the Firewall to
> drop packets with options 0x83 and 0x89 and log the event?  Or better yet,
> strip the option off?  I mean, this isn't rocket science.
>

You hit the nail squarely on the proverbial head.

In fact, routers which disallow IP source-routing altogether (cisco
systems, for example) make it a snap.

Can we move on now to other more interesting topics?  ,-)

Cheers,

_______________________________________________________________________________
Paul Ferguson                         
US Sprint 
Managed Network Engineering                        tel: 703.904.2437 
Herndon, Virginia  USA                        internet: paul @ hawk . sprintmrn . com

