Firewall Wizards mailing list archives
Re: Firewall-Wizards Digest V1 #311
From: "Ryan Russell" <Ryan.Russell () sybase com>
Date: Tue, 1 Jun 1999 20:27:59 -0700
Proxies can't do this without an extra shim of some sort, FW-1 doesn't do it.. which firewalls do? I believe most rely on the OS to take care of it, or expect it shut off at the routers. Besides, you want to be able to configure that off in the OS, as another item on your hardening list to make it fail closed, or as closed as possible. Ryan The ablity to detect source route packets is "generally" provided by the firewall software that one installs. The driver in most of the firewalls detcts the IP options in the IP packet and takes a decision on the necessary action as configured. The NT OS or the Unix OS do not detect source routed packets. So one would need another software to detect such packets, and one would in all probability do this with a firewall software....
Current thread:
- Re: Firewall-Wizards Digest V1 #311 Sandy Green (Jun 01)
- Re: Firewall-Wizards Digest V1 #311 Matt Curtin (Jun 01)
- Re: Firewall-Wizards Digest V1 #311 Carric Dooley (Jun 03)
- <Possible follow-ups>
- Re: Firewall-Wizards Digest V1 #311 Ryan Russell (Jun 03)
- Re: Firewall-Wizards Digest V1 #311 Chris Brenton (Jun 03)
- Re: Firewall-Wizards Digest V1 #311 Kevin Steves (Jun 14)
- Re: Firewall-Wizards Digest V1 #311 dreamwvr (Jun 03)
- Re: Firewall-Wizards Digest V1 #311 Chris Brenton (Jun 03)
- Re: Firewall-Wizards Digest V1 #311 Ryan Russell (Jun 03)
- Re: Firewall-Wizards Digest V1 #311 Ivan Arce (Jun 14)
- Re: Firewall-Wizards Digest V1 #311 Kevin Steves (Jun 14)
- Re: Firewall-Wizards Digest V1 #311 Matt Curtin (Jun 01)