Greetings!
On Wed, 14 Jan 2004 09:55:20 +0000 [EMAIL PROTECTED] wrote:
> Quick question about IP spoofing.
>
> If an organisation uses RFC1918 IP addresses, why would it still be
> necessary to implement IP spoofing on the firewall?
> As far as I know ISPs do not route RFC1918 traffic, therefore the
> organisation should not be vulnerable to attacks. Or am I missing
> something?
ISPs will filter (i.e. not route) IP packets directed **TO** RFC1918
addresses. But the main problem on firewalls is forged packets
supposedly coming **FROM** the internal network.
Quite often (esp. on small sites) you have a rule
    "internal" --> "any" : allow any protocol
If a worm like Slammer now sends a packet (and one was enough for the
worm) towards an internal host with a forged "internal" source IP
address, it will be allowed to do so. Aaaand... Bingo!
See the point?
Bye
Volker Tanger
ITK-Security
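
Added example (not part of the original message, and not Check Point's implementation): a small Python model of why a rule that matches only on source address accepts a forged "internal" packet arriving from outside, and how an interface-based anti-spoofing check drops it first. The interface names, networks and packets are constructed assumptions.

```python
import ipaddress

# Constructed topology (assumption): networks legitimately behind each interface.
# An empty list means "everything not behind another interface".
TOPOLOGY = {
    "internal": [ipaddress.ip_network("192.168.10.0/24")],
    "external": [],
}

def rule_allows(src):
    """The rule quoted in the message: "internal" --> "any", allow any protocol.
    It matches on the source address only, not on the arrival interface."""
    return any(src in net for net in TOPOLOGY["internal"])

def source_fits_interface(src, in_iface):
    """Anti-spoofing: the source must belong behind the interface it arrived on."""
    own = TOPOLOGY[in_iface]
    if own:
        return any(src in net for net in own)
    return not any(src in net
                   for iface, nets in TOPOLOGY.items() if iface != in_iface
                   for net in nets)

def decide(src, in_iface, anti_spoofing):
    """Return the verdict for one packet, with or without the anti-spoofing check."""
    src = ipaddress.ip_address(src)
    if anti_spoofing and not source_fits_interface(src, in_iface):
        return "drop (spoofed source)"
    return "accept" if rule_allows(src) else "drop (no matching rule)"

# Constructed packets: (description, source address, arrival interface)
PACKETS = [
    ("forged internal source from outside", "192.168.10.99", "external"),
    ("genuine internal host", "192.168.10.7", "internal"),
    ("ordinary outside host", "203.0.113.9", "external"),
]

if __name__ == "__main__":
    for desc, src, iface in PACKETS:
        for check in (False, True):
            print(f"{desc:38} anti-spoofing={check!s:5} -> {decide(src, iface, check)}")
```

Only the first packet changes verdict when the check is enabled; genuine internal traffic is unaffected.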