Firewall Wizards mailing list archives

RE: Firewall comparison in Data Communications


From: Kevin Steves <stevesk () sweden hp com>
Date: Sun, 6 Jun 1999 08:16:02 +0200 (CEST)

On Wed, 2 Jun 1999, David Newman wrote:
: TCP/IP has a facility that allows a packet to specify an explicit route
: to a destination instead of going through the usual route lookup
: process. The destination host must use the same path, which means a Bad
: Guy can easily pose as a trusted host. This is a Terrible Idea from a
: security standpoint. 

The terrible idea is source address-based authentication.  But having
said that, a server application that's doing this should be checking for
IP options and refusing connections with options set.
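
The check described in the reply above, as an added example that is not part of the original post or of any project's code: a server calls `getsockopt(IP_OPTIONS)` on the descriptor returned by `accept()` and refuses the connection if any options came with it. The names `has_source_route` and `refuse_if_ip_options` are hypothetical, and the sample byte strings are constructed.

```c
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Constructed sample option areas (not captured traffic). */
static const unsigned char SAMPLE_LSRR[] = {0x83, 0x07, 0x04, 192, 0, 2, 1, 0x00};
static const unsigned char SAMPLE_TS[]   = {0x01, 0x01, 0x44, 0x04, 0x05, 0x00};
static const unsigned char SAMPLE_BAD[]  = {0x89, 0x0b, 0x04};

/* Walk a wire-format IPv4 options area: 1 if it holds a source-route
 * option (LSRR 0x83 or SSRR 0x89), 0 if not, -1 if malformed. */
int has_source_route(const unsigned char *opts, size_t len)
{
    size_t i = 0;
    while (i < len) {
        unsigned char type = opts[i];
        if (type == 0x00) break;                 /* end of option list */
        if (type == 0x01) { i++; continue; }     /* one-byte no-op */
        if (i + 1 >= len) return -1;             /* length byte missing */
        unsigned char olen = opts[i + 1];
        if (olen < 2 || i + olen > len) return -1;
        if (type == 0x83 || type == 0x89) return 1;
        i += olen;
    }
    return 0;
}

/* Policy from the reply above: refuse a connection that arrived with any
 * IP options. Returns 1 if it may proceed, 0 if it was closed. */
int refuse_if_ip_options(int fd)
{
    unsigned char opts[40];                      /* IPv4 options are at most 40 bytes */
    socklen_t optlen = sizeof opts;
    /* Only the length decides; the returned buffer layout is
     * platform-specific. Fail closed if the query itself fails. */
    if (getsockopt(fd, IPPROTO_IP, IP_OPTIONS, opts, &optlen) != 0 || optlen != 0) {
        close(fd);
        return 0;
    }
    return 1;
}

int main(void)
{
    printf("%d %d %d\n", has_source_route(SAMPLE_LSRR, sizeof SAMPLE_LSRR),
           has_source_route(SAMPLE_TS, sizeof SAMPLE_TS), has_source_route(SAMPLE_BAD, sizeof SAMPLE_BAD));
    return 0;
}
```

The parser is there for logging why a connection was dropped; the refusal itself does not depend on which option was present.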


