I usually just hang out here trying to learn from all the great info
that gets posted here (Thanks all!), but I just got a CERT that I had to ask
some questions of the experts on.
The CERT warns of SYN attacks (lots of traffic on that here lately),
and mentions IP spoofing. The statement in the CERT is "With the current IP
protocol technology, it is impossible to eliminate IP-spoofed packets.
However, you can take steps to reduce the number of IP-spoofed packets
entering and exiting your network. Currently, the best method is to install
a filtering router that restricts the input to your external interface
(known as an input filter) by not allowing a packet through if it has a
source address from your internal
network. "
I am not clear on why this would not eliminate IP-spoofed packets
all together. Seems pretty straight forward to me. Prevent any packets
coming into my network from the internet if they originate from an IP number
that applies to my internal network. What would it miss? What am I missing?
Thanks for any clarification that might be offered!
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Disclaimer: Any errors in spelling, tact, or fact are transmission
errors.
Andrea Brenton Hurwitz Group, Inc
IS Manager 29 Crafts St
abrenton @
hurwitz .
com Newton, MA 02158
Follow-Ups:
|
|
