Security Basics mailing list archives
Re: wireless security on notebooks
From: krymson () gmail com
Date: 27 Sep 2007 21:15:09 -0000
I'm not sure what you mean about singularity. I can say that George and I are talking about different directions. I was referring to traffic heading out of your LAN while George is talking about traffic heading into your LAN. Good question! George's suggestion is a practical one, and really doesn't hurt you. It makes sense to make sure a block is in place to stop private IP addresses from coming into your firewall from the Internet (WAN) side, and slipping through into your internal (LAN) network. I think this issue comes up more with "built" firewalls like iptables or pf, but is not a common issue with firewall appliances like SOHO routers/firewalls. They should be blocking things like that natively, and I'd be surprised if they even have options to toggle that behavior. <- snip -> Thank you both for your answer and help. I have a doubt regarding the spuffing issue: Krymson says:
3) The IP 192.168.0.x is not an Internet routable address. Your cable modem, or wireless AP, or whatever you use to get to the Internet will not let that pass through to the WAN side. So nothing to worry about there!
and George says:
Blocking incoming packets to your WAN from any private scheme of IP addresses - 10.0.0.0 ? 10.255.255.255 172.16.0.0 ? 172.31.255.255 and 192.168.0.0 ? 192.168.255.255 - is a good idea. In networking terms is called IP Spoofing meaning that someone using any IP from the above range may deceive your firewall settings and interpreted as someone from your internal network!!
Is there a singularity with these address ranges ?
Current thread:
- wireless security on notebooks Andres (Sep 18)
- <Possible follow-ups>
- Re: wireless security on notebooks krymson (Sep 19)
- Re: wireless security on notebooks Andres (Sep 19)
- Re: wireless security on notebooks Krymson (Sep 20)
- Re: wireless security on notebooks Andres (Sep 27)
- Re: wireless security on notebooks krymson (Sep 27)