On 24 Oct 99, at 13:28, mssjim wrote:

> Could anybody tell me whether it is necessary to block all
> "source-route" at routers (connected to Internet) installed in the
> public segment of the Firewall??

While this traffic *might* be legit, it also could be from someone
spoofing the source address, and using source-routing to make
responses pass a point where they can be sniffed (so that they're not
spoofing blind). Blocking it seems like a sensible precaution.

> If yes, is it necessary to block "source-route" at routers installed in
> the internal segment of the Firewall and Firewall itself, too??

If you block these at the choke router(s), then any such traffic
inboard of that must be either (a) legitimate, or (b) coming from
someone who is already inside your perimeter. Unless you're running
an ISP, this is probably a question of your policy of what employees
are allowed to do on the network.

It might be wise to keep tabs on such activity, but whether you
need to block it is a judgement call.

David G