Firewalls: Faking source address on TCP packets

Firewalls
(July 1994)

Indexed By Thread: [Previous] [Next]

Subject:	Faking source address on TCP packets
From:	"Rob Tanner" <tanner @ george . arc . nasa . gov>
Date:	Tue, 05 Jul 1994 19:27:11 -0700
To:	firewalls @ greatcircle . com

Hi,

I'm putting a network behind a firewall that only about a dozen
different folks need to get into.  The firewall is composed of a
single router and a bastion host running ftp and telnet proxies out of
the TIS firewalls toolkit.  The bastian host sits on the internet side
of the router.  The router will silently drop all UDP and all source
routed packets.

My question is this: since filtering on the router and authentication
in the fwtk both include source IP address authentication, how easy is
it to fake an IP address over the network?  Can someone actually get
packets back when faking the IP address of another host?  What kinds
of address faking should I be on the lookout for?

Thanks,
Rob Tanner


      _ _ _ _           _    _ _ _ _ _  
     /\_\_\_\_\        /\_\ /\_\_\_\_\_\  
    /\/_/_/_/_/       /\/_/ \/_/_/_/_/_/  Robert J. Tanner
   /\/_/__\/_/ __    /\/_/    /\/_/       Ames Research Center
  /\/_/_/_/_/ /\_\  /\/_/    /\/_/        (415) 604-3451 (SETI)
 /\/_/ \/_/  /\/_/_/\/_/    /\/_/         (415) 604-5347 (Kuiper)
 \/_/  \/_/  \/_/_/_/_/     \/_/          tanner @
 george .
 arc .
 nasa .
 gov
 ____________________________________________________________________

Indexed By Date	Previous:	Re: Packet filtering overhead From: Luther Garcia <luth @ stealth . sprintlink . net>
Indexed By Date	Next:	Re: Packet filtering overhead From: Brent Chapman <brent @ mycroft . GreatCircle . COM>
Indexed By Thread	Previous:	Re: Packet filtering overhead From: mark @ escact . ksc . nasa . gov (Mark E. Gibbons)
Indexed By Thread	Next:	Re: Faking source address on TCP packets From: quent . johnson @ intellistor . com (Quentin Johnson)