Firewalls: Why controlling Source IP address on a Firewall?

Firewalls
(July 1997)

Indexed By Thread: [Previous] [Next]

Subject:	Why controlling Source IP address on a Firewall?
From:	Santi Ribas <santi @ browns . co . uk>
Organization:	Brown's Operating System Services
Date:	Thu, 24 Jul 1997 18:59:23 +0100
To:	firewalls @ greatcircle . com
Reply-to:	santi @ browns . co . uk

If the Source IP address is easily spoofed, why implement Source IP
Address control in a Firewall?

The only difference I see is that by controlling it, a hacker will
probably need to check for TCP Sequence Prediction, create a deny of
service to the real client and change the source IP address of the
packet.

Is that the reason??

-- 
Santi Ribas

Follow-Ups:

Re: Why controlling Source IP address on a Firewall?
From: "Magossa'nyi A'rpa'd" <mag @ bunuel . tii . matav . hu>
Re: Why controlling Source IP address on a Firewall?
From: C Matthew Curtin <cmcurtin @ research . megasoft . com>

Indexed By Date	Previous:	Blocking ICMP Echo Denial of Service attacks From: rewtin <root @ phawd . com-stock . com>
Indexed By Date	Next:	Re: Virus Scanner From: Pauline van Winsen - Uniq Professional Services <Pauline . van . Winsen @ uniq . com . au>
Indexed By Thread	Previous:	Blocking ICMP Echo Denial of Service attacks From: rewtin <root @ phawd . com-stock . com>
Indexed By Thread	Next:	Re: Why controlling Source IP address on a Firewall? From: C Matthew Curtin <cmcurtin @ research . megasoft . com>