Great Circle Associates Firewalls
(January 1995) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: Re: Router filtering not enough! (Was: Re: CERT advisory )
From: Jon Peatfield <J . S . Peatfield @ damtp . cambridge . ac . uk>
Date: Fri, 27 Jan 1995 15:05:48 +0000
To: Paul Traina <pst @ cisco . com>
Cc: jp107 @ damtp . cambridge . ac . uk, "Jonathan M. Bresler" <jmb @ kryten . Atinc . COM>, Jim Duncan <jim @ math . psu . edu>, rens @ imsi . com, ddrew @ mci . net, firewalls @ GreatCircle . COM, bugtraq @ fc . net, z056716 @ uprc . com
In-reply-to: Your message of "Thu, 26 Jan 1995 10:11:03 PST." <199501261811 . KAA16212 @ feta . cisco . com> 
> This breaks people who might have their netmasks set incorrectly on the local
> net.

I was assuming you would configure it to know what local addresses are rather 
then expecting it to work them out.  So many sites use sub-netting and run 
several sub-nets on one ethernet (we do), that determining the "local" 
addresses is non trivial.  A list of networks/netmasks together with a list of 
router MAC addresses should be sufficient.

-- Jon
References:
Indexed By Date Previous: Re: Firewall-1 and TCP Sequence Number Spoofing
From: Pug <pug @ arlut . utexas . edu>
Next: Re: Dynamically Re-arranged Access Lists?
From: Dan Thorson <Dan_Thorson @ notes . seagate . com>
Indexed By Thread Previous: Re: Router filtering not enough! (Was: Re: CERT advisory )
From: Pete Shipley <shipley @ merde . dis . org>
Next: Re: Router filtering not enough! (Was: Re: CERT advisory )
From: "Daniel O'Callaghan" <danny @ www . unimelb . edu . au>
Google
 
Search Internet Search www.greatcircle.com