Great Circle Associates Firewalls
(July 1997)
 


Subject: Re: Why controlling Source IP address on a Firewall?
From: "Magossa'nyi A'rpa'd" <mag @ bunuel . tii . matav . hu>
Date: Mon, 28 Jul 1997 08:50:05 +0100
To: Santi Ribas <santi @ browns . co . uk>
Cc: firewalls @ GreatCircle . COM
In-reply-to: <33D797FB . EA7B508E @ browns . co . uk>

On Thu, 24 Jul 1997, Santi Ribas wrote:

> If the Source IP address is easily spoofed, why implement Source IP
> Address control in a Firewall?
> 
> The only difference I see is that by controlling it, a hacker will
> probably need to check for TCP Sequence Prediction, create a deny of
> service to the real client and change the source IP address of the
> packet.
Not exactly. If you have a good network setup, you can have address
ranges which can't be spoofed from "outside" (not talking now about social
engineering, and already cracked systems inside).
One example is a host in the same subnet, where you can wire in that ARP
entry (which in fact can be spoofed as well, but iff the enemy is already on
that subnet).
Yes, only src IP address control is not an ultimate solution, but it seems
enough when you want to decide whether your http proxy requested that http
connection to the outside, and it is written in the corporate policy that IP
spoofing is illegal.

---
GNU GPL: only from a clean source
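
The interface-based source address check discussed in this message, as an added example that is not part of the original post. The interface names, address ranges, proxy address and the functions `source_plausible` and `decide` are assumptions made for illustration.

```python
import ipaddress

# Constructed topology (assumption, not from the post): the source networks
# that may legitimately appear on each internal firewall interface.
INTERFACE_NETS = {
    "inside": [ipaddress.ip_network("10.1.0.0/16")],
    "dmz": [ipaddress.ip_network("192.0.2.0/24")],
}
HTTP_PROXY = ipaddress.ip_address("192.0.2.10")  # hypothetical proxy host
PROXY_IFACE = "dmz"                              # interface the proxy is wired to


def is_internal(addr):
    """True if addr belongs to any network behind the firewall."""
    addr = ipaddress.ip_address(addr)
    return any(addr in net for nets in INTERFACE_NETS.values() for net in nets)


def source_plausible(iface, src):
    """True if a packet with source src could really have arrived on iface."""
    if iface in INTERFACE_NETS:
        # Internal interface: the source must belong to a network wired there.
        src = ipaddress.ip_address(src)
        return any(src in net for net in INTERFACE_NETS[iface])
    # Any other interface is external: reject sources claiming an internal range.
    return not is_internal(src)


def decide(iface, src, dst, dport):
    """Return (action, reason) for one packet header; default is drop."""
    if not source_plausible(iface, src):
        return ("drop", "source address not valid on this interface")
    if dport == 80 and not is_internal(dst):
        # Outbound HTTP is allowed only from the proxy, on the proxy's interface.
        # A host already on the proxy's own subnet could still forge this
        # address; the filter cannot see that (the caveat made in the message).
        if iface == PROXY_IFACE and ipaddress.ip_address(src) == HTTP_PROXY:
            return ("accept", "http proxy going outside")
        return ("drop", "outbound http must come from the proxy")
    return ("drop", "no rule matched")


if __name__ == "__main__":
    # Constructed sample packets: (arrival interface, src, dst, dst port).
    for pkt in [("dmz", "192.0.2.10", "198.51.100.7", 80),
                ("outside", "192.0.2.10", "198.51.100.7", 80),
                ("inside", "192.0.2.10", "198.51.100.7", 80),
                ("inside", "10.1.4.20", "198.51.100.7", 80)]:
        print(pkt, "->", decide(*pkt))
```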



