Firewall Wizards mailing list archives
RE: Firewall comparison in Data Communications
From: Kevin Steves <stevesk () sweden hp com>
Date: Sun, 6 Jun 1999 08:16:02 +0200 (CEST)
On Wed, 2 Jun 1999, David Newman wrote: : TCP/IP has an facility that allows a packet to specify an explicit route : to a destination instead of going through the usual route lookup : process. The destination host must use the same path, which means a Bad : Guy can easily pose as a trusted host. This is a Terrible Idea from a : security standpoint. The terrible idea is source address-based authentication. But having said that, a server application that's doing this should be checking for IP options and refusing connections with options set.
Current thread:
- Re: Firewall comparison in Data Communications Matt Curtin (Jun 01)
- <Possible follow-ups>
- RE: Firewall comparison in Data Communications Brian Steele (Jun 01)
- RE: Firewall comparison in Data Communications Ray Hooker (Jun 02)
- RE: Firewall comparison in Data Communications David T. Smith (Jun 03)
- RE: Firewall comparison in Data Communications Alexander Schreiber (Jun 03)
- Re: Firewall comparison in Data Communications Chris Brenton (Jun 03)
- Re: Firewall comparison in Data Communications Ge' Weijers (Jun 02)
- RE: Firewall comparison in Data Communications David Newman (Jun 02)
- RE: Firewall comparison in Data Communications Kevin Steves (Jun 14)
- RE: Firewall comparison in Data Communications W J La Cholter (Jun 03)
- Re: Firewall comparison in Data Communications Don Kendrick (Jun 03)
- RE: Firewall comparison in Data Communications Russ (Jun 03)
- RE: Firewall comparison in Data Communications csingletary (Jun 03)
- RE: Firewall comparison in Data Communications Rob Polansky (Jun 04)
- Re: Firewall comparison in Data Communications Steven M. Bellovin (Jun 03)
- Re: Firewall comparison in Data Communications Ge' Weijers (Jun 03)
- Re: Firewall comparison in Data Communications dnewman (Jun 03)
- Re: Firewall comparison in Data Communications Ge' Weijers (Jun 03)
- Re: Firewall comparison in Data Communications Kevin Steves (Jun 14)
(Thread continues...)