At 02:39 1/24/95, Dermot Tynan wrote:
>'screend' will throw away source-routed packets, anyway. As for bogus
>'src' addresses, even if they could get through, they'd never get back.
Haven't you been paying attention? Whether the packets can get back or
not is IRRELEVANT. There are plenty of attacks that can be carried out
simply by getting packets IN that APPEAR to come from a trusted-by-address
host, regardless of whether or not you can see the results (you don't need
to see them if you can successfully predict what they'd be, and respond as
if you'd seen them).
>In the specific case of 'screend', spoofing a source address from inside
>the firewall won't buy you anything. 'screend' would only allow it to
>talk to the 'gatekeeper' machine anyway, and you can already do that.
>It's a bastion host.
This is HIGHLY dependent on your firewall architecture, and where and how
you have screend deployed. It may be true for your situation; it's not true
in general.
-Brent
--
Brent Chapman         | Great Circle Associates | Call or email for info about
Brent@GreatCircle.COM | 1057 West Dana Street   | upcoming Internet Security
+1 415 962 0841       | Mountain View, CA 94041 | Firewalls Tutorial dates
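The point Brent makes above, that a forged packet can do damage even though the replies go to the impersonated host, is easiest to see with the classic instance: TCP initial sequence numbers that can be predicted. The following simulation is an added example, not code from the original message or from screend. It models a server that trusts clients by IP address (the rlogin/.rhosts model) and hands out ISNs either with a fixed per-connection increment or randomly; the attacker learns the pattern from one honest connection, then completes a forged handshake blind. It goes one step beyond the text by also showing the screening-router rule that stops the attack regardless of return paths: drop any packet that arrives on the outside interface claiming an inside source address. All addresses, the increment constant and the server model are assumptions constructed for the example; the model also assumes the impersonated host stays silent and does not reset the half-open connection.

```python
"""Blind address-spoofing against a host that trusts clients by IP address.

Constructed simulation (not code from the mailing-list post). The server
hands out TCP initial sequence numbers either predictably (a fixed increment
per connection) or randomly. The attacker never sees any reply sent to the
address it forges; it predicts the numbers it needs instead.
"""
import secrets
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ISN_STEP = 64_000   # assumed per-connection increment of the predictable generator


@dataclass
class Packet:
    src: str
    dst: str
    flags: str              # "SYN", "SYN-ACK" or "ACK"
    seq: int = 0
    ack: int = 0
    payload: bytes = b""    # data carried on the final ACK, e.g. an rsh command


class TrustingServer:
    """Runs a command from any completed connection whose source address is
    in its trusted list. It checks numbers, not who is actually listening."""

    def __init__(self, addr, trusted, random_isn):
        self.addr = addr
        self.trusted = set(trusted)
        self.random_isn = random_isn
        self._last_isn = 0x1000
        self.half_open = {}     # client address -> ISN we sent it
        self.executed = []      # (client, payload) for accepted commands

    def _next_isn(self):
        if self.random_isn:
            return secrets.randbelow(1 << 32)
        self._last_isn = (self._last_isn + ISN_STEP) & 0xFFFFFFFF
        return self._last_isn

    def receive(self, pkt):
        """Process one packet; return the reply, which is addressed to pkt.src
        and therefore never reaches a sender that forged that address."""
        if pkt.flags == "SYN":
            isn = self._next_isn()
            self.half_open[pkt.src] = isn
            return Packet(self.addr, pkt.src, "SYN-ACK", seq=isn, ack=pkt.seq + 1)
        if pkt.flags == "ACK" and pkt.src in self.half_open:
            expected = (self.half_open.pop(pkt.src) + 1) & 0xFFFFFFFF
            if pkt.ack == expected and pkt.src in self.trusted:
                self.executed.append((pkt.src, pkt.payload))
        return None


def border_filter(pkt, inside_nets, arrived_from_outside):
    """Anti-spoofing rule for a screening router: a packet arriving on the
    outside interface must not claim an inside source address. Whether a
    reply could ever reach the claimed source is irrelevant to the rule."""
    src = ip_address(pkt.src)
    spoofed = arrived_from_outside and any(src in net for net in inside_nets)
    return not spoofed


def run_attack(random_isn, filtered):
    """Return True if the attacker's forged command was executed."""
    inside = [ip_network("10.0.0.0/8")]                     # assumed inside net
    attacker, trusted_host, target = "198.51.100.7", "10.0.0.5", "10.0.0.1"
    server = TrustingServer(target, trusted=[trusted_host], random_isn=random_isn)

    def deliver(pkt):
        # Every packet here crosses the border from the outside interface.
        if filtered and not border_filter(pkt, inside, arrived_from_outside=True):
            return None
        return server.receive(pkt)

    # 1. Honest probe from the attacker's own address: this SYN-ACK does come
    #    back, so the attacker learns the server's current ISN.
    probe = deliver(Packet(attacker, target, "SYN", seq=1000))
    learned_isn = probe.seq

    # 2. Forged SYN from the trusted host. The SYN-ACK goes to 10.0.0.5, not to
    #    the attacker. (Model assumption: the impersonated host stays silent.)
    deliver(Packet(trusted_host, target, "SYN", seq=2000))

    # 3. Forged ACK with a predicted acknowledgement number, carrying the
    #    command. No step here depends on a single byte coming back.
    guess = (learned_isn + ISN_STEP + 1) & 0xFFFFFFFF
    deliver(Packet(trusted_host, target, "ACK", seq=2001, ack=guess, payload=b"id"))
    return (trusted_host, b"id") in server.executed


if __name__ == "__main__":
    print("predictable ISN, no filter:", run_attack(random_isn=False, filtered=False))
    print("random ISN, no filter:     ", run_attack(random_isn=True, filtered=False))
    print("predictable ISN, filtered: ", run_attack(random_isn=False, filtered=True))
```

Run as a script it prints True, False, False: the blind attack succeeds whenever the numbers are predictable, fails against random ISNs (the guess is wrong with probability about 1 - 2^-32), and fails at the border when the router refuses inside source addresses on the outside interface. Which interface counts as "outside" is exactly the architecture question Brent raises; the rule only works where screend actually sits between the spoofer and the trusting host.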