I'm afraid that I wasn't too clear on what my confusion is. I
actually did understand why the filter wouldn't prevent SYN attacks. My
confusion was the statement in the CERT of "With the current IP protocol
technology, it is impossible to eliminate IP-spoofed packets," implying
that you can't stop IP-spoofing totally.
I think what I am being told is that this packet filtering would
prevent any packets spoofed to your own internal net address, but would not
be able to prevent spoofs of someone else's address from coming in. I'm not
sure what the implications of the other addresses being spoofed would be to
my network security, unless I am allowing a trusted access of sorts.
Maybe that's naive? Any other comments?
THANKS FOR THE INFO!
At 09:29 AM 9/20/96 -0600, you wrote:
* Andrea Brenton wrote:
* > I am not clear on why this would not eliminate IP-spoofed packets
* > altogether. Seems pretty straightforward to me. Prevent any packets
* > coming into my network from the internet if they originate from an IP number
* > that applies to my internal network. What would it miss? What am I
* > missing?
*
* The IP spoofing that is being used in the SYN attack is that the SYN
* segments are being sent with random IP source addresses, not addresses
* on your local network (unless just by chance - about the same odds as
* winning the lottery).
*
* Therefore this type of filtering (which should be implemented to stop
* other types of IP spoofing attacks) will do nothing to prevent this SYN
* attack.
*
* geoff
*
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Disclaimer: Any errors in spelling, tact, or fact are transmission
errors.
Andrea Brenton, IS Manager
Hurwitz Group, Inc
29 Crafts St, Newton, MA 02158
abrenton @ hurwitz . com
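The point of the exchange above, as an added illustration (not code from either poster): a border filter that drops incoming packets whose source claims to be your own network catches exactly those packets and nothing else, so a SYN flood sent from random outside addresses passes straight through it. The prefixes 192.0.2.0/24 (the defended network) and 198.51.100.0/24 (the flood's origin network), the packet dictionaries and the sample traffic are all constructed for the example. It goes one step beyond the thread by also modelling an egress filter at the originating network, which is the only place packets with made-up source addresses can be recognised as such; that is why a receiver alone cannot eliminate spoofing.

```python
import ipaddress
import random
from collections import Counter

# Constructed prefixes for the example (assumptions, not addresses from the thread).
OUR_NET = ipaddress.ip_network("192.0.2.0/24")          # the network being defended
ATTACKER_NET = ipaddress.ip_network("198.51.100.0/24")  # where the flood originates


def ingress_allows(src_ip, protected_net=OUR_NET):
    """Border filter from the thread: a packet arriving from the Internet is
    dropped if its source claims to be inside our own network. Anything else
    is let through, because the border router has no way to tell whether an
    outside address is genuine."""
    return ipaddress.ip_address(src_ip) not in protected_net


def egress_allows(src_ip, origin_net=ATTACKER_NET):
    """Egress filter at the *originating* network: only packets whose source
    belongs to that network may leave it. This is the one place where
    random-source spoofing can be stopped."""
    return ipaddress.ip_address(src_ip) in origin_net


def random_global_source(rng):
    """A random 32-bit IPv4 source, excluding our own prefix so the lottery-odds
    case geoff mentions does not occur in the constructed flood."""
    while True:
        ip = ipaddress.IPv4Address(rng.getrandbits(32))
        if ip.is_global and ip not in OUR_NET:
            return str(ip)


def build_traffic(n_flood=1000, seed=1):
    """Constructed sample traffic: three packets spoofing our internal hosts
    plus a SYN flood with random source addresses, all aimed at one server."""
    rng = random.Random(seed)
    pkts = [{"src": f"192.0.2.{h}", "dst": "192.0.2.80", "flags": "S"}
            for h in (10, 20, 30)]
    pkts += [{"src": random_global_source(rng), "dst": "192.0.2.80", "flags": "S"}
             for _ in range(n_flood)]
    return pkts


def classify(pkts, egress_filter_deployed=False):
    """Count where each packet ends up under our ingress filter, optionally
    with the flood's upstream network also applying egress filtering."""
    verdicts = Counter()
    for p in pkts:
        src = ipaddress.ip_address(p["src"])
        kind = "spoofs-our-net" if src in OUR_NET else "random-source"
        if egress_filter_deployed and not egress_allows(p["src"]):
            verdicts[(kind, "dropped-at-origin")] += 1
        elif not ingress_allows(p["src"]):
            verdicts[(kind, "dropped-at-our-border")] += 1
        else:
            verdicts[(kind, "reaches-server")] += 1
    return verdicts


if __name__ == "__main__":
    traffic = build_traffic()
    print("ingress filter only:", dict(classify(traffic)))
    print("with origin egress filter:", dict(classify(traffic, egress_filter_deployed=True)))
```

Run as-is, the first line shows the three internal-spoof packets dropped at our border and all 1000 random-source SYNs reaching the server; the second shows every spoofed packet stopped at its origin, which is the decision that lies outside the receiver's control.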