On Thu, 7 Aug 2003, James Neave wrote:

> Quick question. With Bering 1.2 now installed here at work, my boss has
> asked me if we are protected against people IP spoofing.
>
> No I don't really know much about it. And I don't even see the point of
> changing your source address.
>
Naive firewalls filter by source address alone and allow access if the
source IP is within certain parameters. Therefore, if the source IP address
is falsified, the attacker may find a way through your firewall.

> And apart from setting the spoof protect flag to YES, I am unable to
> prove that this is not an issue to be worried about.

Shorewall has a number of anti-spoofing tactics.

a) Except for blacklisting rules, all shorewall rules and policies are
   enforced by a combination of source IP address AND source interface.

b) Shorewall offers the 'routefilter' interface option which rejects any
   packets from a source that wouldn't be routed back out that same
   interface.

c) Shorewall offers the 'norfc1918' interface option that rejects any
   packets arriving on that interface where either the source OR
   destination IP address fails to pass the restrictions in the
   /etc/shorewall/rfc1918 file.

> I can only assume that anything this obvious is already catered for.
>
> A valid assumption, yes?
>

In the case of Shorewall, Yes...

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
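
The Python below is an added example, not part of the original message and not Shorewall's own code: it models how the 'routefilter' and 'norfc1918' checks described in (b) and (c) decide on a packet from its source address and arrival interface together. The routing table, interface names, per-interface option assignment, and the three RFC 1918 ranges standing in for the contents of /etc/shorewall/rfc1918 are all assumptions.

```python
import ipaddress

# Constructed routing table for a two-interface firewall (assumed values):
# (destination network, outgoing interface). Longest prefix wins.
ROUTES = [
    ("192.168.1.0/24", "eth1"),  # internal LAN
    ("0.0.0.0/0", "eth0"),       # default route, Internet-facing interface
]
# Stand-in for /etc/shorewall/rfc1918 (assumption): the RFC 1918 ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Options set on each interface (assumed assignment).
OPTIONS = {"eth0": {"routefilter", "norfc1918"}, "eth1": {"routefilter"}}


def route_interface(addr, routes=ROUTES):
    """Return the interface the longest-prefix route to addr points at."""
    ip = ipaddress.ip_address(addr)
    best = None
    for net, iface in routes:
        network = ipaddress.ip_network(net)
        if ip in network and (best is None
                              or network.prefixlen > best[0].prefixlen):
            best = (network, iface)
    return best[1] if best else None


def check_packet(src, dst, in_iface, options=OPTIONS):
    """Return 'accept' or the name of the option that rejects the packet."""
    opts = options.get(in_iface, set())
    # routefilter: a reply to src must leave through the arrival interface.
    if "routefilter" in opts and route_interface(src) != in_iface:
        return "routefilter"
    # norfc1918: neither source nor destination may fall in a listed range.
    if "norfc1918" in opts:
        for addr in (src, dst):
            if any(ipaddress.ip_address(addr) in net for net in RFC1918):
                return "norfc1918"
    return "accept"
```

A packet arriving on eth0 that claims a 192.168.1.x source is rejected by the routefilter check, while one claiming a 10.x source passes that check (the default route points at eth0) and is caught only by norfc1918.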
