On Sat, 13 Oct 2001, Tony Rall wrote:

> 
> When a Pix is used to protect servers that allow connections from the 
> Internet, the above features also typically won't help you stop spoofing 
> from the Internet (except maybe spoofing of your own internal addresses), 
> since the Pix will have a default route on its Internet interface.


How does this differ any from the abilities of a router in general?  Do
not routers just block spoofs according to whether or not the traffic
should be coming off a particular interface or not?  And are they not just
effective in that in the traffic they might have knowledge of <subnets
connected to particular interfaces>?  Is this not why there are so many
issues with spoofed traffic in the first place, or am I not understanding
the whole concept of blocking spoofed packets?

Thanks,

Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
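
The reverse-path check discussed in this thread, as an added example that is not part of the original messages: a strict check accepts a packet only if the route back to its source leaves through the arrival interface. The routing table, interface names and addresses are constructed for illustration; it shows why a default route on the Internet interface lets every non-internal source pass.

```python
import ipaddress

# Constructed routing table for a two-interface firewall (assumed addresses).
ROUTES = [
    ("10.1.0.0/16", "inside"),   # internal server network
    ("0.0.0.0/0", "outside"),    # default route toward the Internet
]

def egress_interface(addr, routes=ROUTES):
    """Longest-prefix match: interface the device would use to reach addr."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None

def reverse_path_ok(src, arrival_iface, routes=ROUTES):
    """Strict reverse-path check: the route back to src must leave
    through the interface the packet arrived on."""
    return egress_interface(src, routes) == arrival_iface

def classify(packets, routes=ROUTES):
    """Return (source, interface, verdict) for each packet."""
    return [
        (src, iface, "accept" if reverse_path_ok(src, iface, routes) else "drop")
        for src, iface in packets
    ]

# Constructed sample packets: (claimed source address, arrival interface).
SAMPLE = [
    ("10.1.5.20", "outside"),     # internal address claimed from outside
    ("198.51.100.7", "outside"),  # genuine Internet host
    ("203.0.113.99", "outside"),  # forged Internet source, matches default route
    ("203.0.113.99", "inside"),   # internal host forging an outside source
    ("10.1.5.20", "inside"),      # legitimate internal host
]

if __name__ == "__main__":
    for src, iface, verdict in classify(SAMPLE):
        print(f"{src:15} via {iface:8} -> {verdict}")
```

The check cannot tell the second and third packets apart: both match only the default route, so the device has no knowledge that would mark either source as wrong for that interface.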
