Bugtraq mailing list archives
Re: IP spoofing vs tcp wrappers and netacl
From: cklaus () shadow net (Christopher Klaus)
Date: Tue, 24 Jan 1995 11:07:57 -0500 (EST)
I'm trying to understand what can be done about IP spoofing in an environment where there is no router to filter packets. Let's say your firewall doesn't include a packet filter, and you're exposing a dual-homed gateway to the internet which is running netacl or tcp wrappers. One interface is to the outside world, the other is to your internal networks. Would it be possible for netacl to do a getsockname() and see which interface the packet arrived on, and if getpeername() said it was from one of the internal nets, but getsockname() said it came in on the outside network interface, just close() the connection and log it?
Probably the best way to prevent IP spoofing attacks is to turn off all IP-based authentication services, i.e. rsh, rlogin are the main ones.

--
Christopher William Klaus  Voice: (404)518-0099. Fax: (404)518-0030
Internet Security Systems, Inc.  Computer Security Consulting
2209 Summit Place Drive, Atlanta, GA. 30350-2450.
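The getpeername()/getsockname() comparison asked about in the message above, as an added example that is not part of the original post and is not netacl or tcp wrappers code. The network ranges, the outside address, and the function names are assumptions made for illustration; note that getsockname() reports the local address the connection was made to, so it identifies the arrival interface only if the host does not accept packets for one interface's address on another.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <sys/socket.h>
#include <syslog.h>
#include <unistd.h>

/* Assumed site layout (constructed values, not from the post). */
struct net { const char *base; int prefix; };
static const struct net internal_nets[] = { {"10.0.0.0", 8}, {"192.168.1.0", 24} };
static const char *outside_addr = "192.0.2.1";  /* address of the outside interface */

struct in_addr ip(const char *s)
{
    struct in_addr a = { 0 };
    inet_pton(AF_INET, s, &a);
    return a;
}

static int in_net(struct in_addr a, const struct net *n)
{
    uint32_t mask = n->prefix ? htonl(0xffffffffu << (32 - n->prefix)) : 0;
    return (a.s_addr & mask) == (ip(n->base).s_addr & mask);
}

/* 1 if the peer claims an internal source on a connection made to the outside address. */
int spoof_suspect(struct in_addr peer, struct in_addr local)
{
    size_t i;
    if (local.s_addr != ip(outside_addr).s_addr)
        return 0;
    for (i = 0; i < sizeof internal_nets / sizeof internal_nets[0]; i++)
        if (in_net(peer, &internal_nets[i]))
            return 1;
    return 0;
}

/* Call on an accepted TCP socket before serving it; -1 means it was logged and closed. */
int check_connection(int fd)
{
    struct sockaddr_in peer = { 0 }, local = { 0 };
    socklen_t plen = sizeof peer, llen = sizeof local;
    char who[INET_ADDRSTRLEN] = "?";

    if (getpeername(fd, (struct sockaddr *)&peer, &plen) == 0 &&
        getsockname(fd, (struct sockaddr *)&local, &llen) == 0 &&
        peer.sin_family == AF_INET && !spoof_suspect(peer.sin_addr, local.sin_addr))
        return 0;
    inet_ntop(AF_INET, &peer.sin_addr, who, sizeof who);
    syslog(LOG_AUTH | LOG_WARNING, "refused connection from %s: address check failed", who);
    close(fd);   /* fail closed, also when the addresses cannot be read */
    return -1;
}
```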