On Thu, 7 Aug 2003, James Neave wrote:
> Hello all,
>
> Quick question. With Bering 1.2 now installed here at work, my boss has
> asked me if we are protected against people IP spoofing.
>
> No I don't really know much about it. And I don't even see the point of
> chaging your source address.
To get packets past the firewall's first line of defense.
I know of three possible uses for this: a) denial of service attacks,
b) triggering known software bugs, c) extended communication through the
firewall. (a) and (b) only require that the sender be able to send the
packets. (c) requires that the sender be in the default return routing
path of the spoofed address in order to intercept them.
> And apart from setting the spoof protect flag to YES, I am unable to
> prove that this is not an issue to be worried about.
> I can only assume that anything this obvious is already catered for.
>
> A valid assumption, yes?
Usually. The easy anti-spoof techniques involve insuring that packets
don't arrive on interfaces that don't normally correspond to the routing
table, and yes, they are implemented in the default firewall
configurations. The more challenging ones involve the possibilities
discussed above, and involve specific decisions you make in configuring
the firewall. In some cases, you cannot avoid the risk if you want
specific functionality (involving various types of external access)... but
in those cases, I don't see how other firewalls will be able to do
better.
---------------------------------------------------------------------------
Jeff Newmiller The ..... ..... Go Live...
DCN:<[EMAIL PROTECTED]> Basics: ##.#. ##.#. Live Go...
Live: OO#.. Dead: OO#.. Playing
Research Engineer (Solar/Batteries O.O#. #.O#. with
/Software/Embedded Controllers) .OO#. .OO#. rocks...2k
---------------------------------------------------------------------------
-------------------------------------------------------
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
