Vulnerability Development mailing list archives

Re: Automatic antispoofing rules on access servers.


From: LOS Ralph <rlos () ENVESTNET COM>
Date: Tue, 19 Sep 2000 12:30:56 -0500

We are using a SonicWall for security on some branch offices.  I've had very
good success with this product in blocking spoofed IP traffic.  All the
firewall will do is log the traffic, yell at the admin receiving alerts, and
drop the spoofed traffic before it passes the firewall - or so I'm told.
I've not had time to research this more thoroughly as I'm not well-versed in
spoofing IPs (yet).
....and that's my $0.02

Regards,

Ralph M. Los
Internet Systems & Security Admin.              (312) 827-3945 (direct)
EnvestNet Advisory Corp.                        (312) 296-9003 (wireless)
                                                rlos () envestnet com


-----Original Message-----
From: Lincoln Yeoh [mailto:lyeoh () POP JARING MY]
Sent: Monday, September 18, 2000 9:51 PM
To: VULN-DEV () SECURITYFOCUS COM
Subject: Automatic antispoofing rules on access servers.


I believe antispoofing filters won't really use up much CPU. So probably
one of the main reasons ISPs don't use them at their access servers is the
administrative cost in maintaining the rules.

However I recently noticed that Cisco has a feature which seems to make
this simpler to do.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121t/121t2/rpf_plus.htm

Do other major router/access server manufacturers have similar features?

If such features were more widely used, smurfing and spoofing stuff would
be a lot more difficult than it is now.

Are there any problems which would discourage use by ISPs?

Cheerio,
Link.
