John Schnizlein writes:
> My biggest concern about NetBlazers is that at present they cannot be
> configured to block IP source routed packets. Since so many other
> security tools use IP addresses for authentication (no flame please),
> I regard this lack as critical.

I thought the source address in a source-routed packet actually
reflected the originator? That is, if untrusted host Z routes a packet
to a target A via trusted host B then the source address at A appears
to be Z, not B. That certainly appeared to be the case when I tried
source routing to one of our firewalls via the other from an untrusted
host.

I also thought that the problem with source-routing was drilling packets
through a host that has forwarding disabled.

Can someone put one of us straight? Neil.
--
nreadwin @ micrognosis . co . uk   Phone: +1 718 273 8234
Anything is a cause for sorrow that my mind or body has made
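
An added example, not part of the original message or of any product's code: a Python check that parses IPv4 header options for the RFC 791 loose and strict source route options (types 131 and 137), the kind of filter the quoted concern asks for. The sample headers and addresses are constructed; the option carries the remaining hops, while the header's source address field stays as the sender set it.

```python
import socket

LSRR, SSRR = 131, 137   # RFC 791 loose / strict source route option types
EOL, NOP = 0, 1         # single-byte options

def source_route_option(packet: bytes):
    """Return (kind, src, dst, route) if the header carries LSRR/SSRR, else None.
    Raises ValueError on a malformed header so the caller can drop it."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad header length")
    src = socket.inet_ntoa(packet[12:16])
    dst = socket.inet_ntoa(packet[16:20])
    opts, i = packet[20:ihl], 0
    while i < len(opts):
        kind = opts[i]
        if kind == EOL:
            break
        if kind == NOP:
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed option")
        length = opts[i + 1]
        if kind in (LSRR, SSRR):
            if length < 3 or (length - 3) % 4:
                raise ValueError("malformed source route option")
            hops = opts[i + 3:i + length]   # skip type, length, pointer
            route = [socket.inet_ntoa(hops[j:j + 4]) for j in range(0, len(hops), 4)]
            return ("LSRR" if kind == LSRR else "SSRR", src, dst, route)
        i += length
    return None

def verdict(packet: bytes) -> str:
    """Filter decision: drop anything source-routed or unparseable."""
    try:
        return "drop" if source_route_option(packet) else "pass"
    except ValueError:
        return "drop"

# Constructed sample headers (documentation addresses, checksum left at zero).
# Z = 192.0.2.10 sends to A = 203.0.113.5 via B = 198.51.100.1 using LSRR.
ROUTED = bytes.fromhex("4700001c0000000040060000" "c000020a" "c6336401"
                       "830704cb00710500")
PLAIN = bytes.fromhex("450000140000000040060000" "c000020a" "cb007105")
```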