Great Circle Associates Firewalls
(September 1996) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: Re: IP spoofing
From: Geoff Mulligan <geoff @ mulligan . com>
Date: Fri, 20 Sep 1996 09:29:41 -0600
To: abrenton @ hurwitz . com
Cc: Firewalls @ GreatCircle . COM
In-reply-to: Your message of "Fri, 20 Sep 1996 10:00:06 -0400"
References: <1 . 5 . 4 . 32 . 19960920140006 . 0068b2c0 @ smtp . hurwitz . com> 
Andrea Brenton wrote:
>         I am not clear on why this would not eliminate IP-spoofed packets
> all together.  Seems pretty straight forward to me.  Prevent any packets
> coming into my network from the internet if they originate from an IP number
> that applies to my internal network.  What would it miss?  What am I missing?

The IP spoofing that is being used in the SYN attack is that the syn
segments are being sent with random IP source addresses, not addresses
on your local network (unless just by chance - about the same odds as
winning the lottery).

Therefore this type of filtering (which should be implemented to stop
other types of ip spoofing attacks) will do nothing to prevent this syn
attack.

	geoff
References:
  • IP spoofing
    From: Andrea Brenton <abrenton @ hurwitz . com>
Indexed By Date Previous: Re: Firewall Consultants
From: char <csample @ v-one . com>
Next: Re: IP spoofing
From: Brian Harvell <harvell @ inet . net>
Indexed By Thread Previous: Re: IP spoofing
From: Ken Jones <kenj @ cayman . gblhorizon . com>
Next: Re: IP spoofing
From: Brian Harvell <harvell @ inet . net>
Google
 
Search Internet Search www.greatcircle.com