John Schnizlein writes:
> My biggest concern about NetBlazers is that at present they cannot be
> configured to block IP source routed packets. Since so many other
> security tools use IP addresses for authentication (no flame please),
> I regard this lack as critical.
I thought the source address in a source-routed reflected actually
reflected the originator? That is, if untrusted host Z routes a packet
to a target A via trusted host B then the source address at A appears
to be Z, not B. That certainly appeared to be the case when I tried
source routing to one of our firewalls via the other from an untrusted
I also thought that the problem with source-routing was drilling packets
through a host that has forwarding disabled.
Can someone put one of us straight? Neil.
uk Phone: +1 718 273 8234
Anything is a cause for sorrow that my mind or body has made