Is it true that hackers cannot spoof illegal TCP/IP addresses - for those
clients using network address translation?
-Jay
----------
> From: Magossa'nyi A'rpa'd <mag@bunuel.tii.matav.hu>
> To: Santi Ribas <santi@browns.co.uk>
> Cc: firewalls@GreatCircle.COM
> Subject: Re: Why controlling Source IP address on a Firewall?
> Date: Monday, July 28, 1997 2:50 AM
>
> On Thu, 24 Jul 1997, Santi Ribas wrote:
>
> > If the Source IP address is easily spoofed, why implement Source IP
> > Address control in a Firewall?
> >
> > The only difference I see is that by controlling it, a hacker will
> > probably need to check for TCP Sequence Prediction, create a denial of
> > service to the real client and change the source IP address of the
> > packet.
> Not exactly. If you have a good network setup, you can have address
> ranges which can't be spoofed from "outside" (not talking now about social
> engineering, and already cracked systems inside).
> One example is a host in the same subnet, where you can wire in that ARP
> entry (which in fact can be spoofed as well, but iff the enemy is already on
> that subnet).
> Yes, only src IP address control is not an ultimate solution, but it seems
> enough when you want to decide whether your http proxy requested that http
> connection to the outside, and it is written in the corporate policy that IP
> spoofing is illegal.
>
> ---
> GNU GPL: only from a clean source
>
>
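
Added example, not part of the original thread: a sketch of the per-interface source address check the quoted reply describes, where a firewall rejects packets whose claimed source does not match the interface they arrived on. The interface names, prefixes and the `check_source` helper are constructed assumptions for illustration.

```python
import ipaddress

# Constructed topology (assumption): source prefixes that legitimately
# originate behind each non-external firewall interface.
INTERFACE_SOURCES = {
    "inside": [ipaddress.ip_network("10.1.0.0/16")],
    "dmz": [ipaddress.ip_network("192.0.2.0/28")],
}
EXTERNAL_IF = "outside"

# Ranges that should never appear as a source on the external interface:
# private (non-registered) space and loopback.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def in_any(addr, networks):
    return any(addr in net for net in networks)


def check_source(iface, src):
    """Return 'accept' or 'drop: <reason>' for a packet's claimed source.

    'accept' only means the source is plausible for the arrival interface;
    it does not authenticate the sender.
    """
    addr = ipaddress.ip_address(src)
    if iface == EXTERNAL_IF:
        # A packet from outside claiming one of our own addresses is forged.
        for nets in INTERFACE_SOURCES.values():
            if in_any(addr, nets):
                return "drop: internal source on external interface"
        if in_any(addr, NON_ROUTABLE):
            return "drop: non-routable source on external interface"
        return "accept"
    allowed = INTERFACE_SOURCES.get(iface)
    if allowed is None:
        return "drop: unknown interface"
    if in_any(addr, allowed):
        # Caveat from the reply: a host already on this subnet can still
        # claim a neighbour's address and pass this check.
        return "accept"
    return "drop: source not assigned to this interface"


if __name__ == "__main__":
    # Constructed sample packets: (arrival interface, claimed source).
    for pkt in [("outside", "10.1.2.3"), ("outside", "198.51.100.7"),
                ("inside", "10.1.2.3"), ("inside", "198.51.100.7")]:
        print(pkt, "->", check_source(*pkt))
```
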