Re: Router filtering not enough! (Was: Re: CERT advisory )

Jon Peatfield (J.S.Peatfield@amtp.cam.ac.uk)
Thu, 26 Jan 1995 16:02:47 +0000

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: anonymous@some.lame.netcom.not.site: "Re: Router filtering not enough! (Was: Re: CERT advisory )"
Previous message: bho: "Athena Wide Systems by MIT..."
Next in thread: Paul Traina: "Re: Router filtering not enough! (Was: Re: CERT advisory )"

> 	another method.  use the arp cache to check source ip addresses 
> against physical layer addresses, local net packets coming from the Net 
> router, rather then direct from the local machine should be dropped.  
> this is also sufficient to protect against the spoofing attack from the Net.

How hard would it be to modify tcpwraper (for example) to check the incomming 
MAC address on a connection and to be worried if it came from a list of 
routers but the address was the local net?

  -- Jon

Next message: anonymous@some.lame.netcom.not.site: "Re: Router filtering not enough! (Was: Re: CERT advisory )"
Previous message: bho: "Athena Wide Systems by MIT..."
Next in thread: Paul Traina: "Re: Router filtering not enough! (Was: Re: CERT advisory )"