[739] in bugtraq
Re: IP spoofing vs tcp wrappers and netacl
daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Tue Jan 24 16:03:55 1995
To: Christopher Klaus <cklaus@shadow.net>
Cc: bugtraq@fc.net, firewalls@GreatCircle.COM
In-Reply-To: Your message of "Tue, 24 Jan 1995 11:07:57 EST."
<199501241607.LAA12933@shadow.net>
Reply-To: perry@imsi.com
Date: Tue, 24 Jan 1995 13:07:28 -0500
From: "Perry E. Metzger" <perry@imsi.com>
Christopher Klaus says:
> Probably the best way to prevent IP spoofing attacks is to turn off all
> ip-based authenication services, ie rsh, rlogin are the main ones.
Insufficient. If you can see at least part of the packet stream, you
can session-steal. This makes a mockery of things like S/Key.
Perry
