Bugtraq mailing list archives
Re: Router filtering not enough! (Was: Re: CERT advisory )
From: D.Mitchell () dcs shef ac uk (Dave Mitchell)
Date: Thu, 26 Jan 95 10:09:13 GMT
"Jonathan M. Bresler" <jmb () kryten Atinc COM> writes:
On Tue, 24 Jan 1995, Jim Duncan wrote:As has been pointed out, only network or transport-level encryption will entirely block these attacks.That's correct. That and teach people the difference between identification and authentication.a filtering router is enough to prevent this attack from being used from "the outside".
This is all well and good as long as there is a simple "inside"/"outside" distinction. I am in this happy situation at the moment, and I have a filter between my dept and the main campus which rejects external packets claiming an internal src IP address. HOWEVER, I am likely to come under political pressure soon to allow R-protocol, NFS, etc to a machine on the other side of this filter. At which point my filter is virtually useless. So I think its true to say that as a generalisation, encryption *is* the only way to block attacks. Dave. * David Mitchell, Systems Administrator, email: D.Mitchell () dcs shef ac uk * Dept. Computer Science, Sheffield Uni. phone: +44 114-282-5573 * 211 Portobello St, Sheffield S1 4DP, UK. fax: +44 114-278-0972 * * Standards (n). Battle insignia or tribal totems
Current thread:
- Re: Router filtering not enough! (Was: Re: CERT advisory ) Dave Mitchell (Jan 26)
- Re: Router filtering not enough! (Was: Re: CERT advisory ) Jonathan M. Bresler (Jan 26)
- <Possible follow-ups>
- Re: Router filtering not enough! (Was: Re: CERT advisory ) Jon Peatfield (Jan 26)
- Re: Router filtering not enough! (Was: Re: CERT advisory ) Paul Traina (Jan 26)
- Would an encrypted tunnel solve the SeqNo guessing attack? Bennett Todd (Jan 26)
- Re: Would an encrypted tunnel solve the SeqNo guessing attack? Mark (Jan 26)
- Loaded system no protection. Leo Bicknell (Jan 27)
- Re: Would an encrypted tunnel solve the SeqNo guessing attack? Marc Tamsky (Jan 27)
- Re: Would an encrypted tunnel solve the SeqNo guessing attack? Paul Robinson (Jan 27)
- Very Confused!! Mohamad A Khatoun (Jan 27)
- Re: Router filtering not enough! (Was: Re: CERT advisory ) Paul Traina (Jan 26)
- Notes from Tsutomo's Talk Michael B. Dilger (Jan 26)