Re: IP spoofing vs tcp wrappers and netacl

Christopher Klaus (cklaus@shadow.net)
Tue, 24 Jan 1995 11:07:57 -0500 (EST)

> 
> 
> I'm trying to understand what can be done about IP spoofing in
> an environment where there is no router to filter packets.  Let's
> say your firewall doesn't include a packet filter, and you're
> exposing a dual-homed gateway to the internet which is running
> netacl or tcp wrappers.  One interface is to the outside world,
> the other is to your internal networks.
> 
> Would it be possible for netacl to do a getsockname() and see which
> interface the packet arrived on, and if getpeername() said it was
> from one of the internal nets, but getsockname() said it came in
> on the outside network interface, just close() the connection and
> log it? 

Probably the best way to prevent IP spoofing attacks is to turn off all
IP-based authentication services, i.e. rsh, rlogin are the main ones.



-- 
Christopher William Klaus	Voice: (404)518-0099. Fax: (404)518-0030
Internet Security Systems, Inc.		Computer Security Consulting
2209 Summit Place Drive, Atlanta, GA. 30350-2450.
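
Added example, not part of the original message or of netacl or tcp wrappers: a C sketch of the getpeername()/getsockname() check proposed in the quoted question. The network ranges, the outside interface address and the function names are constructed assumptions.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <syslog.h>
#include <unistd.h>

/* Constructed site layout (assumption): internal nets and outside interface address. */
struct net { const char *addr; int prefix; };
static const struct net internal_nets[] = { {"10.0.0.0", 8}, {"192.168.5.0", 24} };
static const char *outside_addr = "203.0.113.1";

static int in_net(uint32_t ip, const struct net *n)
{
    struct in_addr a;
    uint32_t mask = n->prefix ? 0xFFFFFFFFu << (32 - n->prefix) : 0;
    if (inet_pton(AF_INET, n->addr, &a) != 1) return 0;
    return (ip & mask) == (ntohl(a.s_addr) & mask);
}

/* 1 when a source inside an internal net connected to the outside address. */
int looks_spoofed(const char *peer, const char *local)
{
    struct in_addr p;
    size_t i;
    if (inet_pton(AF_INET, peer, &p) != 1) return 1;  /* unparsable: fail closed */
    if (strcmp(local, outside_addr) != 0) return 0;   /* arrived on an inside address */
    for (i = 0; i < sizeof internal_nets / sizeof internal_nets[0]; i++)
        if (in_net(ntohl(p.s_addr), &internal_nets[i])) return 1;
    return 0;
}

/* Returns 0 if the accepted connection may proceed, -1 if it was closed. */
int check_connection(int fd)
{
    struct sockaddr_in peer, local;
    socklen_t pl = sizeof peer, ll = sizeof local;
    char pbuf[INET_ADDRSTRLEN], lbuf[INET_ADDRSTRLEN];
    if (getpeername(fd, (struct sockaddr *)&peer, &pl) < 0 ||
        getsockname(fd, (struct sockaddr *)&local, &ll) < 0 ||
        peer.sin_family != AF_INET) { close(fd); return -1; }
    inet_ntop(AF_INET, &peer.sin_addr, pbuf, sizeof pbuf);
    inet_ntop(AF_INET, &local.sin_addr, lbuf, sizeof lbuf);
    if (!looks_spoofed(pbuf, lbuf)) return 0;
    syslog(LOG_AUTH | LOG_WARNING, "refused internal source %s on outside address %s", pbuf, lbuf);
    close(fd);
    return -1;
}
```

getsockname() reports the local address the connection was addressed to, which on a host that accepts traffic for any of its addresses on any interface is not necessarily the interface the packet arrived on, so this check only covers connections made to the outside address.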