>Hello all
>
>I'm not sure if this question was already asked, forgive me if so.
>I'm wondering about the possibility that routers which separate
>an internal from an external net can filter out IP packets that
>physically come from the external network but have a source IP
>address that logically seems to be from the internal network
>and/or packets physically from the internal network with logical
>source IP addresses from the external network. It surely isn't
>enough on a Cisco to define an access-list and assign it
>to an interface because it would filter out such packets in
>both directions. The background of it is the rsh masquerade
>attack described by Bellovin and Morris (in short, guessing the
>other host's initial sequence number and then imitating an rsh
>connection with a wrong source IP address). Most people told me
>that only very few routers can actually do such direction-sensitive
>filtering.
[stuff deleted]
Network Systems' Packet Control Facility (PCF) can do exactly this.
You can check to see which host or gateway you received the packet
from (i.e. did I just receive this internally-sourced packet from an internal
source, or did it come from outside). We also allow you to query the
routing table to find out (for example) which is the next-hop gateway
(i.e. will this packet that is addressed to an internal host be sent
out to the internet).
- Ted
--------------------------------------------------------------------------
Ted Doty, Network Systems Corporation | phone: +1 301 596-2270
8965 Guilford Road, Suite 250 | fax: +1 410 381-3320
Columbia, MD, 21046 USA | voice mail: (800) 233-1485
--------------------------------------------------------------------------
The opinion expressed in this message is fictitious. Any resemblance to
real opinions, living or dead, is purely coincidental.
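The check Ted describes (did this packet arrive from the side of the router its source address belongs to, and which interface would the routing table use to reach that source) can be written as a single reverse-path rule that covers both directions of the original question. The following is an added illustration and is not code from the thread or from Network Systems' PCF; the two-interface router, the 192.0.2.0/24 internal prefix and the routing table are constructed for the example, and the function and interface names are assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed router model (assumption for this example): one interface faces
# the internal network, the other faces the internet.
INSIDE = "inside"
OUTSIDE = "outside"

# Constructed routing table: the internal prefix is reached via "inside",
# everything else via the default route on "outside".
ROUTES = [
    (ipaddress.ip_network("192.0.2.0/24"), INSIDE),   # internal network
    (ipaddress.ip_network("0.0.0.0/0"), OUTSIDE),     # default route
]

# Same table without a default route, to show the "no route" case.
INTERNAL_ONLY_ROUTES = ROUTES[:1]


@dataclass
class Packet:
    src: str
    dst: str


def next_hop_interface(address, routes=ROUTES):
    """Longest-prefix-match lookup: which interface would the router use to
    send a packet towards `address`?  This is the routing-table query that
    the reply above describes."""
    addr = ipaddress.ip_address(address)
    best = None
    for prefix, iface in routes:
        if addr in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
            best = (prefix, iface)
    return best[1] if best else None


def filter_packet(packet, arrived_on, routes=ROUTES):
    """Direction-sensitive anti-spoofing check (a strict reverse-path check).

    A packet is accepted only if it arrived on the interface the router would
    itself use to reach the packet's *source* address.  That one rule rejects
    both cases from the question:
      * an internal source address arriving from the outside (ingress spoof)
      * an external source address arriving from the inside  (egress spoof)
    while a plain access-list on one interface would block both directions.
    Returns (verdict, reason).
    """
    expected = next_hop_interface(packet.src, routes)
    if expected is None:
        return ("drop", "no route back to source address")
    if expected != arrived_on:
        if arrived_on == OUTSIDE:
            return ("drop", "internal source address arrived from outside (ingress spoof)")
        return ("drop", "external source address arrived from inside (egress spoof)")
    return ("accept", "source address consistent with arrival interface")


def audit(traffic, routes=ROUTES):
    """Run the filter over a list of (Packet, arrival_interface) pairs and
    return the list of (src, arrived_on, verdict, reason) tuples."""
    return [(p.src, iface) + filter_packet(p, iface, routes) for p, iface in traffic]


if __name__ == "__main__":
    # Constructed sample traffic: one legitimate and one spoofed packet per direction.
    sample = [
        (Packet("192.0.2.10", "198.51.100.5"), INSIDE),    # internal host going out
        (Packet("192.0.2.10", "198.51.100.5"), OUTSIDE),   # forged internal source
        (Packet("198.51.100.5", "192.0.2.10"), OUTSIDE),   # external host coming in
        (Packet("198.51.100.5", "192.0.2.10"), INSIDE),    # forged external source
    ]
    for src, iface, verdict, reason in audit(sample):
        print(f"{src:14} via {iface:7} -> {verdict:6} ({reason})")
```

The strict form shown here assumes symmetric routing: if traffic from some prefix can legitimately arrive on an interface other than the one the router would use to send to it, the check needs to be relaxed to "is there any route to the source via the arrival interface", otherwise valid packets are dropped. Note also that this only catches addresses that are inconsistent with the arrival interface; a forged address from the same side of the router as the sender is not detected.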