[775] in bugtraq
Re: Router filtering not enough! (Was: Re: CERT advisory )
daemon@ATHENA.MIT.EDU (Brent Chapman)
Wed Jan 25 18:02:53 1995
Date: Wed, 25 Jan 1995 11:53:01 -0800
To: "Jonathan M. Bresler" <jmb@kryten.Atinc.COM>,
Jim Duncan <jim@math.psu.edu>
From: Brent@GreatCircle.COM (Brent Chapman)
Cc: rens@imsi.com, ddrew@mci.net, firewalls@GreatCircle.COM, bugtraq@fc.net,
z056716@uprc.com
At 11:59 1/25/95, Jonathan M. Bresler wrote:
>On Tue, 24 Jan 1995, Jim Duncan wrote:
>
>> > As has been pointed out, only network or
>> > transport-level encryption will entirely block these attacks.
>>
>> That's correct. That and teach people the difference between identification
>> and authentication.
>
> a filtering router is enough to prevent this attack from being
>used from "the outside".
>
> as i understand the spoofing attack, and correct me if i am wrong,
>the source ip address must be used by the destination machine to grant
>access (a la rsh, rhosts and friends). ("spoofer" sends "sucker" a packet
>whose source ip address is "trusted". "sucker" responds to "trusted".
>"spoofer" sends "sucker" the third part of the 3 step tcp handshake and
>"sucker" considers the connection established. swamp "trusted" with
>packets to prevent him from sending resets to "sucker".)
>
> if my net is connected to the Net by a router that drops all
>packets from the Net whose source ip address is one of my local ip
>addresses AND i only trust local ip addresses, then i am protected from
>this attack provided it originates from the Net.
That is correct.
-Brent
--
== For info about the Internet Security Firewalls Tutorial and a schedule ==
== of upcoming dates, please send email to Tutorial-Info@GreatCircle.COM ==
==============================================================================
== Brent Chapman Great Circle Associates ==
== Brent@GreatCircle.COM 1057 West Dana Street ==
== +1 415 962 0841 Mountain View, CA 94041 ==
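The two conditions the thread agrees on (the border router drops anything arriving from the Net whose source address is one of the site's own, and address-based trust is limited to local hosts) can be modelled directly. The following is an added illustration, not code from the mail or from either author; the prefix 192.0.2.0/24, the interface names ext0/int0 and the sample packets are constructed for the example.

```python
"""Added example (not part of the original mail): a model of the anti-spoofing
ingress rule discussed in the thread. A packet arriving on the external
("Net") interface whose source address lies in one of our own prefixes is
dropped, and the rhosts-style trust list is checked so that every trusted
host is local. Prefixes, interface names and packets are constructed."""
import ipaddress
from dataclasses import dataclass

# Constructed site: one local prefix, one interface facing the Net (assumptions).
LOCAL_PREFIXES = [ipaddress.ip_network("192.0.2.0/24")]
EXTERNAL_IFACE = "ext0"


@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrived on
    src: str     # source IP address as written in the header
    dst: str     # destination IP address


def is_local(addr: str) -> bool:
    """True if addr falls inside one of our own prefixes."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in LOCAL_PREFIXES)


def ingress_decision(pkt: Packet) -> str:
    """Router rule: drop anything from the Net that claims a local source.
    Traffic on internal interfaces and genuine outside sources pass."""
    if pkt.iface == EXTERNAL_IFACE and is_local(pkt.src):
        return "DROP"
    return "ACCEPT"


def trust_list_is_local(trusted_hosts) -> bool:
    """Second half of the condition: the filter only protects hosts whose
    address-based trust (rhosts and friends) names local addresses only."""
    return all(is_local(h) for h in trusted_hosts)


def filter_packets(packets):
    """Apply the rule to each packet; return (src, dst, iface, verdict) tuples."""
    return [(p.src, p.dst, p.iface, ingress_decision(p)) for p in packets]


# Constructed sample traffic: the second packet carries a forged local source.
SAMPLE = [
    Packet("ext0", "198.51.100.7", "192.0.2.10"),   # genuine outside traffic
    Packet("ext0", "192.0.2.5", "192.0.2.10"),      # claims to be local: dropped
    Packet("int0", "192.0.2.5", "192.0.2.10"),      # same source, from inside: fine
]

if __name__ == "__main__":
    for src, dst, iface, verdict in filter_packets(SAMPLE):
        print(f"{iface}: {src} -> {dst}: {verdict}")
    print("trust list local only:", trust_list_is_local(["192.0.2.5"]))
    print("trust list local only:",
          trust_list_is_local(["192.0.2.5", "203.0.113.9"]))
```

The rule keys on the arrival interface, not only on the address, because the same local source is legitimate on the inside interface and forged on the outside one; and trust_list_is_local shows why the router alone is not enough if any .rhosts entry names an address outside the filtered prefixes.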