On Thu, 24 Jul 1997, Santi Ribas wrote:
> If the Source IP address is easily spoofed, why implement Source IP
> Address control in a Firewall?
> The only difference I see is that by controlling it, a hacker will
> probably need to check for TCP Sequence Prediction, create a denial of
> service to the real client and change the source IP address of the
Not exactly. If you have a good network setup, you can have address
ranges which can't be spoofed from "outside" (not talking now about social
engineering, and already cracked systems inside).
One example is a host in the same subnet, where you can wire in that ARP
entry (which in fact can be spoofed as well, but iff the enemy is already on
Yes, only src IP address control is not an ultimate solution, but it seems
enough when you want to decide whether your http proxy requested that http
connection to the outside, and it is written in the corporate policy that IP
spoofing is illegal.
GNU GPL: only from a pure source
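
The per-interface source-address check discussed in this message, as an added example that is not part of the original post. The interface names, the 192.168.10.0/24 inside range, the proxy address and the "only the proxy may open outbound HTTP" policy are assumptions made for illustration.

```python
import ipaddress

# Assumed topology (hypothetical): one inside subnet behind the firewall.
INSIDE_NETS = [ipaddress.ip_network("192.168.10.0/24")]
# Assumed address of the HTTP proxy on the inside subnet.
PROXY_ADDR = ipaddress.ip_address("192.168.10.5")
# Sources that can never legitimately arrive from outside.
NEVER_FROM_OUTSIDE = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "0.0.0.0/8")]


def check_source(iface, src, dst_port=None):
    """Return (verdict, reason) for a packet seen on `iface` with source `src`."""
    addr = ipaddress.ip_address(src)
    inside_addr = any(addr in net for net in INSIDE_NETS)
    if iface == "outside":
        # An inside address showing up on the outside interface is spoofed:
        # the real host can only be reached through the inside interface.
        if inside_addr:
            return "drop", "inside source on outside interface"
        if any(addr in net for net in NEVER_FROM_OUTSIDE):
            return "drop", "reserved source on outside interface"
        return "pass", "plausible outside source"
    if iface == "inside":
        if not inside_addr:
            return "drop", "foreign source on inside interface"
        # Assumed policy: outbound HTTP must come from the proxy itself.
        # This only holds while no attacker sits on the inside segment.
        if dst_port == 80 and addr != PROXY_ADDR:
            return "drop", "outbound HTTP not from proxy"
        return "pass", "inside source on inside interface"
    return "drop", "unknown interface"


# Constructed sample packets: (interface, source address, destination port).
SAMPLES = [
    ("outside", "192.168.10.5", 80),   # claims to be the proxy, wrong side
    ("outside", "203.0.113.7", 25),    # ordinary outside host
    ("outside", "127.0.0.1", 80),      # loopback from the wire
    ("inside", "192.168.10.5", 80),    # the proxy fetching a page
    ("inside", "192.168.10.44", 80),   # workstation bypassing the proxy
    ("inside", "203.0.113.7", 80),     # outside address on the inside wire
]


def evaluate(samples=SAMPLES):
    """Run every sample through check_source and collect the verdicts."""
    return [(iface, src, port) + check_source(iface, src, port)
            for iface, src, port in samples]


if __name__ == "__main__":
    for row in evaluate():
        print("%-8s %-15s %-4s %-5s %s" % row)
```

The check ties an address range to the interface it may arrive on, which is why the proxy's address cannot be claimed from the outside wire even though the header field itself is freely settable.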