Great Circle Associates Firewalls
(July 1994)
 

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Re: Faking source address on TCP packets
From: quent . johnson @ intellistor . com (Quentin Johnson)
Date: Wed, 6 Jul 94 09:04:43 MDT
To: firewalls @ greatcircle . com

"Rob Tanner" <tanner @
 george .
 arc .
 nasa .
 gov> asked about IP address spoofing:

> I'm putting a network behind a firewall that only about a dozen
> different folks need to get into.  The firewall is composed of a
> single router and a bastion host running ftp and telnet proxies out of
> the TIS firewalls toolkit.  The bastian host sits on the internet side
> of the router.  The router will silently drop all UDP and all source
> routed packets.

Why not put a router/packet filter between the Internet and the bastion
host?  Then you can tell the router to drop packets going to your
networks that have your IP addresses since nobody with your IP
addresses should be coming through the router from the Internet.

	Quent Johnson



Indexed By Date Previous: Re: Packet filtering overhead
From: quent . johnson @ intellistor . com (Quentin Johnson)
Next: Re: Quality of packet filtering in Cisco vs. Morning Star
From: Brent Chapman <brent @ mycroft . GreatCircle . COM>
Indexed By Thread Previous: Faking source address on TCP packets
From: "Rob Tanner" <tanner @ george . arc . nasa . gov>
Next: Re: Faking source address on TCP packets
From: david @ bdt . com (David Beckemeyer)

Google
 
Search Internet Search www.greatcircle.com