[786] in bugtraq
Re: Router filtering not enough! (Was: Re: CERT advisory )
daemon@ATHENA.MIT.EDU (Jon Peatfield)
Thu Jan 26 13:29:48 1995
To: "Jonathan M. Bresler" <jmb@kryten.Atinc.COM>
Cc: Jim Duncan <jim@math.psu.edu>, rens@imsi.com, ddrew@mci.net,
firewalls@GreatCircle.COM, bugtraq@fc.net, z056716@uprc.com,
jp107@amtp.cam.ac.uk
In-Reply-To: Your message of "Wed, 25 Jan 1995 11:59:07 EST."
<Pine.3.89.9501251120.F27409-0100000@kryten.atinc.com>
Date: Thu, 26 Jan 1995 16:02:47 +0000
From: Jon Peatfield <J.S.Peatfield@amtp.cam.ac.uk>
> another method. use the arp cache to check source ip addresses
> against physical layer addresses, local net packets coming from the Net
> router, rather then direct from the local machine should be dropped.
> this is also sufficient to protect against the spoofing attack from the Net.
How hard would it be to modify tcpwraper (for example) to check the incomming
MAC address on a connection and to be worried if it came from a list of
routers but the address was the local net?
-- Jon
