[724] in bugtraq
Re: IP spoofing vs tcp wrappers and netacl
daemon@ATHENA.MIT.EDU (Christopher Klaus)
Tue Jan 24 13:22:37 1995
From: Christopher Klaus <cklaus@shadow.net>
To: hue@island.com (Pond Scum)
Date: Tue, 24 Jan 1995 11:07:57 -0500 (EST)
Cc: bugtraq@fc.net, firewalls@GreatCircle.COM
In-Reply-To: <9501240405.AA02694@coney.island.com> from "Pond Scum" at Jan 23, 95 08:05:48 pm
>
>
> I'm trying to understand what can be done about IP spoofing in
> an environment where there is no router to filter packets. Let's
> say your firewall doesn't include a packet filter, and you're
> exposing a dual-homed gateway to the internet which is running
> netacl or tcp wrappers. One interface is to the outside world,
> the other is to your internal networks.
>
> Would it be possible for netacl to do a getsockname() and see which
> interface the packet arrived on, and if getpeername() said it was
> from one of the internal nets, but getsockname() said it came in
> on the outside network interface, just close() the connection and
> log it?
Probably the best way to prevent IP spoofing attacks is to turn off all
IP-based authentication services, i.e. rsh, rlogin are the main ones.
--
Christopher William Klaus Voice: (404)518-0099. Fax: (404)518-0030
Internet Security Systems, Inc. Computer Security Consulting
2209 Summit Place Drive, Atlanta, GA. 30350-2450.
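
The getpeername()/getsockname() comparison asked about in the quoted question, sketched in C as an added example; it is not part of the original thread and is not netacl or tcp wrappers code. The function names, the internal network 192.168.1.0/24 and the outside interface address 203.0.113.1 are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <sys/socket.h>
#include <syslog.h>
#include <unistd.h>

/* Assumed example topology (constructed values, host byte order):
 * internal net 192.168.1.0/24, outside interface address 203.0.113.1. */
#define INTERNAL_NET  0xC0A80100u
#define INTERNAL_MASK 0xFFFFFF00u
#define OUTSIDE_ADDR  0xCB007101u

/* Policy decision: 1 if the peer claims an internal source address but
 * the connection was addressed to the outside interface, else 0. */
int looks_spoofed(uint32_t peer, uint32_t local)
{
    int peer_internal = (peer & INTERNAL_MASK) == INTERNAL_NET;
    return peer_internal && local == OUTSIDE_ADDR;
}

/* Hypothetical helper for an accepted TCP socket.
 * Returns 1 (logged and closed), 0 (accepted) or -1 (lookup failed).
 * Caveat: getsockname() reports the local address the connection was
 * addressed to, which is not necessarily the interface the packets
 * physically arrived on, so this complements a packet filter. */
int reject_if_spoofed(int fd)
{
    struct sockaddr_in peer, local;
    socklen_t plen = sizeof peer, llen = sizeof local;
    char pbuf[INET_ADDRSTRLEN], lbuf[INET_ADDRSTRLEN];

    if (getpeername(fd, (struct sockaddr *)&peer, &plen) < 0 ||
        getsockname(fd, (struct sockaddr *)&local, &llen) < 0)
        return -1;
    if (peer.sin_family != AF_INET || local.sin_family != AF_INET)
        return -1;
    if (!looks_spoofed(ntohl(peer.sin_addr.s_addr),
                       ntohl(local.sin_addr.s_addr)))
        return 0;
    inet_ntop(AF_INET, &peer.sin_addr, pbuf, sizeof pbuf);
    inet_ntop(AF_INET, &local.sin_addr, lbuf, sizeof lbuf);
    syslog(LOG_WARNING, "refused %s: internal source on outside address %s",
           pbuf, lbuf);
    close(fd);
    return 1;
}
```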