> I'm trying to understand what can be done about IP spoofing in
> an environment where there is no router to filter packets. Let's
> say your firewall doesn't include a packet filter, and you're
> exposing a dual-homed gateway to the internet which is running
> netacl or tcp wrappers. One interface is to the outside world,
> the other is to your internal networks.
>
> Would it be possible for netacl to do a getsockname() and see which
> interface the packet arrived on, and if getpeername() said it was
> from one of the internal nets, but getsockname() said it came in
> on the outside network interface, just close() the connection and
> log it?

Probably the best way to prevent IP spoofing attacks is to turn off all
IP-based authentication services, i.e. rsh, rlogin are the main ones.

--
Christopher William Klaus  Voice: (404)518-0099. Fax: (404)518-0030
Internet Security Systems, Inc.  Computer Security Consulting
2209 Summit Place Drive, Atlanta, GA. 30350-2450.
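The getpeername()/getsockname() comparison asked about in the quoted question, written out as an added example (not part of the original message and not netacl or tcp wrappers code). The addresses, the function names `spoof_suspect` and `check_connection`, and the inetd-style launch with the accepted socket on descriptor 0 are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <syslog.h>
#include <unistd.h>

/* Constructed sample addressing (assumptions, not from the message). */
#define INSIDE_NET   "10.0.0.0"
#define INSIDE_MASK  "255.0.0.0"
#define OUTSIDE_ADDR "192.0.2.1"   /* gateway's outside interface address */

/* Returns 1 when the peer claims an inside address but the connection
 * terminated on the outside address. Arguments are in network byte order. */
int spoof_suspect(in_addr_t peer, in_addr_t local)
{
    in_addr_t mask = inet_addr(INSIDE_MASK);
    int peer_inside = (peer & mask) == inet_addr(INSIDE_NET);
    return peer_inside && local == inet_addr(OUTSIDE_ADDR);
}

/* Returns 1 = suspect (logged and closed), 0 = pass, -1 = lookup failed
 * or not IPv4; the caller should refuse service on anything but 0. */
int check_connection(int fd)
{
    struct sockaddr_in peer, local;
    socklen_t plen = sizeof peer, llen = sizeof local;
    char pbuf[INET_ADDRSTRLEN], lbuf[INET_ADDRSTRLEN];
    if (getpeername(fd, (struct sockaddr *)&peer, &plen) < 0 ||
        getsockname(fd, (struct sockaddr *)&local, &llen) < 0)
        return -1;
    if (peer.sin_family != AF_INET || local.sin_family != AF_INET)
        return -1;
    if (!spoof_suspect(peer.sin_addr.s_addr, local.sin_addr.s_addr))
        return 0;
    inet_ntop(AF_INET, &peer.sin_addr, pbuf, sizeof pbuf);
    inet_ntop(AF_INET, &local.sin_addr, lbuf, sizeof lbuf);
    syslog(LOG_AUTH | LOG_WARNING,
           "refused: peer %s claims inside net, local address %s", pbuf, lbuf);
    close(fd);
    return 1;
}

/* Assumed inetd-style launch: the accepted socket is descriptor 0. */
int main(void)
{
    openlog("spoofcheck", LOG_PID, LOG_AUTH);
    return check_connection(0) == 0 ? 0 : 1;
}
```

getsockname() reports the local address the connection was addressed to, not the physical interface the packets arrived on, so this check is only meaningful on a host that does not accept traffic for its inside address on the outside interface.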