Firewall Wizards mailing list archives

Re: Firewall-Wizards Digest V1 #311


From: "Ryan Russell" <Ryan.Russell () sybase com>
Date: Tue, 1 Jun 1999 20:27:59 -0700


Proxies can't do this without an extra shim of some sort,
FW-1 doesn't do it.. which firewalls do?   I believe most
rely on the OS to take care of it, or expect it shut off at the
routers.  Besides, you want to be able to configure that off
in the OS, as another item on your hardening list to make
it fail closed, or as closed as possible.

                         Ryan






The ability to detect source route packets is
"generally" provided by the firewall software that one
installs. The driver in most of the firewalls detects
the IP options in the IP packet and takes a decision
on the necessary action as configured.
The NT OS or the Unix OS do not detect source
routed packets. So one would need another software
to detect such packets, and one would in all
probability do this with a firewall software....
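
The IP-option check discussed in the message above, as an added example that is not part of the original thread or any firewall product's code: it walks the option area of an IPv4 header, flags the two RFC 791 source-route options, and fails closed on malformed option lengths. The function name, the verdict names and the sample headers are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IPOPT_EOL  0x00
#define IPOPT_NOP  0x01
#define IPOPT_LSRR 0x83 /* loose source and record route, RFC 791 */
#define IPOPT_SSRR 0x89 /* strict source and record route, RFC 791 */

enum verdict { PASS, DROP_SOURCE_ROUTE, DROP_MALFORMED }; /* assumed names */

/* Walk the option area of one IPv4 header and return a filter verdict. */
enum verdict check_ipv4_options(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return DROP_MALFORMED;
    size_t hlen = (size_t)(pkt[0] & 0x0f) * 4; /* IHL counts 32-bit words */
    if (hlen < 20 || hlen > len)
        return DROP_MALFORMED;
    for (size_t i = 20; i < hlen; ) {
        uint8_t type = pkt[i];
        if (type == IPOPT_EOL)
            break;                              /* end of option list */
        if (type == IPOPT_NOP) { i++; continue; } /* one-byte padding */
        if (type == IPOPT_LSRR || type == IPOPT_SSRR)
            return DROP_SOURCE_ROUTE;
        /* Any other option is type, length, data; a bad length fails closed. */
        if (i + 1 >= hlen || pkt[i + 1] < 2 || i + pkt[i + 1] > hlen)
            return DROP_MALFORMED;
        i += pkt[i + 1];
    }
    return PASS;
}

/* Constructed sample headers; addresses are from documentation ranges. */
static const uint8_t plain[20] = { 0x45, 0, 0, 20, 0, 0, 0, 0, 64, 6, 0, 0,
    192, 0, 2, 1, 198, 51, 100, 7 };
static const uint8_t lsrr[28] = { 0x47, 0, 0, 28, 0, 0, 0, 0, 64, 6, 0, 0,
    192, 0, 2, 1, 198, 51, 100, 7,
    IPOPT_NOP, IPOPT_LSRR, 7, 4, 203, 0, 113, 9 };
static const uint8_t badlen[24] = { 0x46, 0, 0, 24, 0, 0, 0, 0, 64, 6, 0, 0,
    192, 0, 2, 1, 198, 51, 100, 7, 0x44, 0, 0, 0 };

int main(void)
{
    printf("plain=%d lsrr=%d badlen=%d\n", check_ipv4_options(plain, sizeof plain),
           check_ipv4_options(lsrr, sizeof lsrr),
           check_ipv4_options(badlen, sizeof badlen));
}
```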







