Bugtraq mailing list archives
Re: Router filtering not enough! (Was: Re: CERT advisory )
From: smb () research att com (smb () research att com)
Date: Fri, 27 Jan 95 08:55:01 EST
we have lost some context here, the original idea included a router between the internal and external (the Net). this router drops all packet from the Net that purport to come from the internal ip address(es). Dunno about you, but my organization, where all of the machines are under common administrative control -- and hence are candidates for hosts.equiv status -- includes 130 people with their own workstations, at least six server-class machines, and 6 Ethernets, and is spread over two locations connected by part of a corporate LAN. Even just the New Jersey portion includes 107 people, 5 Ethernets, and 2 routers. Trust boundaries are administrative concepts, not physical ones. We need the flexibility to split a LAN based on load, without worrying if that will suddenly render useless either our security mechanisms or our ability to work together efficiently. If, in your environment, you have additional information you can take advantage of to increase your security, by all means do so. But the net as a whole needs a more general solution.
Current thread:
- Chances of guessing?, (continued)
- Chances of guessing? Leo Bicknell (Jan 27)
- Re: Chances of guessing? Timothy Newsham (Jan 27)
- Re: Router filtering not enough! (Was: Re: CERT advisory ) Darren Reed (Jan 26)
- Re: Router filtering not enough! (Was: Re: CERT advisory ) Pete Shipley (Jan 26)
- old post on securing a sunos 4.1.* box joshua geller (Jan 30)
- Re: old post on securing a sunos 4.1.* box pluvius (Jan 30)
- Re: Router filtering not enough! (Was: Re: CERT advisory ) smb () research att com (Jan 26)
- Re: Re: Router filtering not enough! (Was: Re: CERT advisory ) Pete Hartman (Jan 26)
- Re: Re: Router filtering not enough! (Was: Re: CERT advisory ) Jonathan M. Bresler (Jan 27)
- Re: Router filtering not enough! (Was: Re: CERT advisory ) Jonathan M. Bresler (Jan 27)
- Re: Router filtering not enough! (Was: Re: CERT advisory ) smb () research att com (Jan 27)
- Re: Router filtering not enough! (Was: Re: CERT advisory ) anonymous () some lame netcom not site (Jan 30)
- list leadership Robert M. Haas (Jan 31)
- Anonymous mailings Adam Shostack (Jan 31)
- list leadership Robert M. Haas (Jan 31)