Firewalls: Re: IP spoofing

Firewalls
(September 1996)

Indexed By Thread: [Previous] [Next]

Subject:	Re: IP spoofing
From:	Adam Shostack <adam @ homeport . org>
Date:	Sun, 22 Sep 1996 16:37:42 -0500 (EST)
To:	lyndond @ sentinet . co . uk (Lyndon David)
Cc:	firewalls @ GreatCircle . COM
In-reply-to:	<01BBA8AE . 126C8BA0 @ pc . sentinet . demon . co . uk> from "Lyndon David" at Sep 22, 96 05:47:05 pm

Lyndon David wrote:
| Not only would I junk and log packets claiming to be from my internal
| network but also junk and log packets that have bits set in the IP options
| header. This would not protect against SYN attacks, just make it
| more difficult for people to claim to be someone else whilst doing it.

Junking packets with options prevents people from using IPsecurity.

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume

References:

Re: IP spoofing
From: Lyndon David <lyndond @ sentinet . co . uk>

Indexed By Date	Previous:	Re: Firewall-1 + CERN http proxy From: Ryan Russell/SYBASE <Ryan . Russell @ sybase . com>
Indexed By Date	Next:	Re: Java blocking From: David Vincenzetti <vince @ cryptonet . it>
Indexed By Thread	Previous:	Re: IP spoofing From: Lyndon David <lyndond @ sentinet . co . uk>
Indexed By Thread	Next:	Re: IP spoofing From: Ian Miller <firewalls @ scientia . com>