all
from around 12-1 pm I will be in a weekly sdg meeting
thanks
Jerry McKane OnRamp Technologies
http://rampages.onramp.net/~jerrym
Network Operations Lan Support
ph. 214-672-7233 fax. 214-746-7275
----------
> From: Rob Peglar <robp @ anubis . network . com>
> To: Ben <ben @ edelweb . fr>
> Cc: firewalls @ GreatCircle . COM
> Subject: Re: IP spoofing
> Date: Monday, September 23, 1996 8:15 AM
>
> Only if your rules are lax enough to allow IP headers with length
> less than 20 bytes. It's good practice to toss/log/alarm all such packets.
>
> E.g.
>
> filter badhdr
> not ip_datagram_length in (20..65535) alarm 8 fail; end
>
> Rob
>
> > An attacker can use a packet fragmentation technique to get a spoofed
> > packet behind your filter rules by using a set of packet fragments that
> > when separate would not trigger your rules, but when assembled would have
> > a spoofed address.
>
>
> --
> Rob Peglar Network Systems Corporation
> robp @ network . com 7600 Boone Ave N. Mpls. MN 55428
> 612.391.1028 612.391.1358 (fax)
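
The length check in the quoted `badhdr` rule, written out as an added example in Python (not part of the original thread and not the filter language shown above). It goes slightly beyond the rule by also checking the IHL field and reporting whether the datagram is a fragment; the function names, sample packets and addresses are constructed for illustration.

```python
import struct

MIN_HDR, MAX_DGRAM = 20, 65535  # bounds used in the quoted filter rule

def inspect_ipv4(pkt: bytes) -> dict:
    """Return {'fail': [reasons], 'fragment': bool} for one raw IPv4 datagram."""
    result = {"fail": [], "fragment": False}
    if len(pkt) < MIN_HDR:
        result["fail"].append("fewer than 20 bytes captured")
        return result
    ver_ihl, _tos, total_len, _ident, flags_frag = struct.unpack("!BBHHH", pkt[:8])
    hdr_len = (ver_ihl & 0x0F) * 4  # IHL counts 32-bit words
    if ver_ihl >> 4 != 4:
        result["fail"].append("not IPv4")
    if hdr_len < MIN_HDR:
        result["fail"].append(f"header length {hdr_len} < {MIN_HDR}")
    if not MIN_HDR <= total_len <= MAX_DGRAM:
        result["fail"].append(f"datagram length {total_len} outside 20..65535")
    elif total_len < hdr_len:
        result["fail"].append("datagram length smaller than header length")
    elif total_len > len(pkt):
        result["fail"].append("datagram length exceeds bytes received")
    # MF flag (0x2000) or a non-zero 13-bit offset marks a fragment
    result["fragment"] = bool(flags_frag & 0x2000) or bool(flags_frag & 0x1FFF)
    return result

def build(ihl=5, total_len=None, flags_frag=0, payload=b"\x00" * 8) -> bytes:
    """Constructed test datagram (documentation addresses, checksum left 0)."""
    hdr_bytes = max(ihl, 5) * 4
    if total_len is None:
        total_len = hdr_bytes + len(payload)
    hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, total_len, 1,
                      flags_frag, 64, 6, 0,
                      bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return hdr + b"\x00" * (hdr_bytes - 20) + payload

# Constructed samples: one well-formed, two malformed, one fragment.
SAMPLES = {
    "normal": build(),
    "short_ihl": build(ihl=4),
    "short_total": build(total_len=12),
    "first_fragment": build(flags_frag=0x2000),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, inspect_ipv4(pkt))
```

Anything with a non-empty `fail` list corresponds to the toss/log/alarm case; the `fragment` flag is reported separately so fragments can be logged or handled by a reassembly policy.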