Great Circle Associates Firewalls
(January 1995)
 


Subject: IP spoofing vs tcp wrappers and netacl
From: hue @ island . com (Pond Scum)
Date: Mon, 23 Jan 1995 20:05:48 +0800
To: firewalls @ greatcircle . com

I'm trying to understand what can be done about IP spoofing in
an environment where there is no router to filter packets.  Let's
say your firewall doesn't include a packet filter, and you're
exposing a dual-homed gateway to the internet which is running
netacl or tcp wrappers.  One interface is to the outside world,
the other is to your internal networks.

Would it be possible for netacl to do a getsockname() and see which
interface the packet arrived on, and if getpeername() said it was
from one of the internal nets, but getsockname() said it came in
on the outside network interface, just close() the connection and
log it? 

Would this be a reasonable thing to add to netacl or tcp wrappers?

-Jonathan		hue @ island . com
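
The check the message asks about, written out in C as an added example (not netacl or tcp wrappers code, and not part of the original post); the network ranges, the outside address and the function names are constructed assumptions. getsockname() returns the local address the connection was addressed to, which this sketch treats as identifying the outside interface.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <sys/socket.h>
#include <syslog.h>
#include <unistd.h>
struct net { uint32_t addr, mask; };   /* host byte order */

/* Hypothetical site configuration; all values are constructed. */
static const struct net internal_nets[] = {
    { 0x0A000000u, 0xFF000000u },      /* 10.0.0.0/8 */
    { 0xC0A80100u, 0xFFFFFF00u },      /* 192.168.1.0/24 */
};
static const uint32_t outside_if_addr = 0xC6336407u;  /* 198.51.100.7 */

static int is_internal(uint32_t ip)
{
    for (size_t i = 0; i < sizeof internal_nets / sizeof internal_nets[0]; i++)
        if ((ip & internal_nets[i].mask) == internal_nets[i].addr)
            return 1;
    return 0;
}

/* 1 when the peer claims an internal source address but the connection
 * was addressed to the outside interface's address, else 0. */
int spoof_suspect(uint32_t peer_ip, uint32_t local_ip)
{
    return local_ip == outside_if_addr && is_internal(peer_ip);
}

/* Call on an accepted TCP socket before serving it.
 * Returns 0 to continue, -1 if the connection was logged and closed. */
int check_connection(int fd)
{
    struct sockaddr_in peer, local;
    socklen_t plen = sizeof peer, llen = sizeof local;

    if (getpeername(fd, (struct sockaddr *)&peer, &plen) < 0 ||
        getsockname(fd, (struct sockaddr *)&local, &llen) < 0 ||
        peer.sin_family != AF_INET || local.sin_family != AF_INET) {
        syslog(LOG_AUTH | LOG_WARNING, "refused: cannot read socket addresses");
        close(fd);                     /* fail closed */
        return -1;
    }
    if (spoof_suspect(ntohl(peer.sin_addr.s_addr), ntohl(local.sin_addr.s_addr))) {
        syslog(LOG_AUTH | LOG_WARNING, "refused: %s claims internal source "
               "on outside address", inet_ntoa(peer.sin_addr));
        close(fd);
        return -1;
    }
    return 0;
}
```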

