|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
RE: Firewall comparison in Data Communications
Kevin Steves (stevesk
sweden.hp.com)
Sun, 6 Jun 1999 08:16:02 +0200 (CEST)
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
- Next message: Colin Horsington: "Frontpage98"
- Previous message: Kevin Steves: "Re: Firewall-Wizards Digest V1 #311"
- In reply to: Chris Brenton: "Re: Firewall-Wizards Digest V1 #311"
On Wed, 2 Jun 1999, David Newman wrote:
: TCP/IP has an facility that allows a packet to specify an explicit route
: to a destination instead of going through the usual route lookup
: process. The destination host must use the same path, which means a Bad
: Guy can easily pose as a trusted host. This is a Terrible Idea from a
: security standpoint.
The terrible idea is source address-based authentication. But having
said that, a server application that's doing this should be checking for
IP options and refusing connections with options set.
- Next message: Colin Horsington: "Frontpage98"
- Previous message: Kevin Steves: "Re: Firewall-Wizards Digest V1 #311"
- In reply to: Chris Brenton: "Re: Firewall-Wizards Digest V1 #311"
This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:19:00 CDT