Re: Router filtering not enough! (Was: Re: CERT advisory )

Paul Traina (pst@cisco.com)
Tue, 31 Jan 1995 21:51:56 -0800

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Casper Dik: "Re: /dev/kmem: Permission denied"
Previous message: Robert M. Haas: "(no subject)"
In reply to: Aleph One: "Re: Router filtering not enough! (Was: Re: CERT advisory )"
Next in thread: Pete Hartman: "Re: Re: Router filtering not enough! (Was: Re: CERT advisory )"

Well, my personal opinion is that it's a waste of time given that any
packet filtering forwarder fixes this problem trivially,  and randomizing
the ISS properly solves the actuall problem.

If someone wants to throw time and effort into doing it, I have no objection,
as long as they don't mess up the kernel.

  From: Aleph One <aleph1@dfw.net>
  Subject: Re: Router filtering not enough! (Was: Re: CERT advisory ) 

  On Thu, 26 Jan 1995, Paul Traina wrote:

  > > How hard would it be to modify tcpwraper (for example) to check the
  > > incomming MAC address on a connection and to be worried if it came from a
  > > list of routers but the address was the local net?
  > 
  > This breaks people who might have their netmasks set incorrectly on the loc
>>al
  > net.
  > 
  Is this bad? dont think so if it breaks it you will notice and be able to 
  fix it.

  a1
  http://underground.org

Next message: Casper Dik: "Re: /dev/kmem: Permission denied"
Previous message: Robert M. Haas: "(no subject)"
In reply to: Aleph One: "Re: Router filtering not enough! (Was: Re: CERT advisory )"
Next in thread: Pete Hartman: "Re: Re: Router filtering not enough! (Was: Re: CERT advisory )"