Great Circle Associates Firewalls
(July 1994)
 


Subject: Re: How About Netblazers?
From: nreadwin @ london . micrognosis . com (Neil Readwin)
Date: Fri, 8 Jul 1994 20:48:45 +0100 (BST)
To: johns @ oxygen . house . gov (John Schnizlein)
Cc: firewalls @ GreatCircle . COM
In-reply-to: <9407081845 . AA32873 @ oxygen . house . gov> from "John Schnizlein" at Jul 8, 94 02:45:47 pm

John Schnizlein writes:
> My biggest concern about NetBlazers is that at present they cannot be
> configured to block IP source routed packets. Since so many other
> security tools use IP addresses for authentication (no flame please),
> I regard this lack as critical.

I thought the source address in a source-routed packet actually
reflected the originator? That is, if untrusted host Z routes a packet
to a target A via trusted host B then the source address at A appears
to be Z, not B. That certainly appeared to be the case when I tried
source routing to one of our firewalls via the other from an untrusted
host.

I also thought that the problem with source-routing was drilling packets
through a host that has forwarding disabled.

Can someone put one of us straight? Neil.
-- 
 nreadwin @ micrognosis . co . uk            Phone: +1 718 273 8234
 Anything is a cause for sorrow that my mind or body has made

