Firewalls: Re: IP spoofing

Firewalls
(September 1996)

Indexed By Thread: [Previous] [Next]

Subject:	Re: IP spoofing
From:	woods @ ucar . edu (Greg Woods)
Date:	Fri, 20 Sep 96 10:07:03 MDT
To:	abrenton @ hurwitz . com (Andrea Brenton)
Cc:	Firewalls @ GreatCircle . COM
In-reply-to:	<1 . 5 . 4 . 32 . 19960920140006 . 0068b2c0 @ smtp . hurwitz . com>; from "Andrea Brenton" at Sep 20, 96 10:00 am

> > a filtering router that restricts the input to your external interface
> > (known as an input filter) by not allowing a packet through if it has a
> > source address from your internal
> > network. "  
>
>         I am not clear on why this would not eliminate IP-spoofed packets
> all together.

Because this filter only blocks packets that have a spoofed address
from inside the network they are attacking. It does not prevent the
attacker from spoofing an external address, and that is perfectly
adequate to launch the SYN attack.

--Greg

References:

IP spoofing
From: Andrea Brenton <abrenton @ hurwitz . com>

Indexed By Date	Previous:	UNIX vs. NT From: <bh @ stargame . org>
Indexed By Date	Next:	Re: netra firewalls From: Shahryar Jahangir <sj @ bear . com>
Indexed By Thread	Previous:	Re: IP spoofing From: Brian Harvell <harvell @ inet . net>
Indexed By Thread	Next:	Re: IP spoofing From: Ben <ben @ edelweb . fr>