Firewall Wizards mailing list archives
RE: Firewall comparison in Data Communications
From: David Newman <dnewman () data com>
Date: Wed, 02 Jun 1999 18:17:19 -0400
<newbie-mode>What's a "source-routed packet"? And what danger does it pose to a Firewall?</newbie-mode>
TCP/IP has a facility that allows a packet to specify an explicit route to a destination instead of going through the usual route lookup process. The destination host must use the same path, which means a Bad Guy can easily pose as a trusted host. This is a Terrible Idea from a security standpoint.

This is not to be confused with layer-2 source route bridging, which is an Even Worse Idea ;-)

dn