RE: Firewall comparison in Data Communications
David Newman (dnewman@data.com)
Wed, 02 Jun 1999 18:17:19 -0400
> <newbie-mode>What's a "source-routed packet"? And what danger does it pose
> to a Firewall?</newbie-mode>
>
TCP/IP has a facility that allows a packet to specify an explicit route
to a destination instead of going through the usual route lookup
process. The destination host must use the same path, which means a Bad
Guy can easily pose as a trusted host. This is a Terrible Idea from a
security standpoint.
This is not to be confused with layer-2 source route bridging, which is
an Even Worse Idea ;-)
dn
This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:18:59 CDT