Vulnerability Development mailing list archives
Re: Automatic antispoofing rules on access servers.
From: Crist Clark <crist.clark () GLOBALSTAR COM>
Date: Wed, 20 Sep 2000 10:34:39 -0700
Ben Galehouse wrote: [snip]
The typical prepackaged firewall configuration will only block things so badly spoofed that there is no way that the return address could be real. E.g., a packet with an address from the 10.0.0.0/8 subnet should never be seen outside of a private network. So if such comes in from your DSL provider, it is a no-brainer to drop it on the floor. I think that most consumer-grade firewalls mean this when they advertise spoofing protection.
Grrr... Pet peeve coming up here. It is not clear if you are trying to make the point that nothing mentioned in that paragraph has anything to do with spoofing. Traffic from the 10-net, any other RFC1918 net, or any other reserved numbers not routed on the Internet at large is NOT spoofed traffic (oh, I guess it could be under some rare circumstances[0]). Spoofing means that you are trying to masquerade[1] as someone you are not. 10-net packets banging on the outside of your firewall are usually leaks from misconfigured private networks or decoys.

[0] It could be considered a spoof attempt if you are actually using the same unregistered numbers on your internal network and it looks like someone is trying to slip them in.

[1] Confusion of the Linux use of "IP masquerading" when talking about NAT intended, with the hope that someday they may switch to the terminology everyone else, including the RFCs, uses.

--
Crist J. Clark
Network Security Engineer
crist.clark () globalstar com
Globalstar, L.P.
(408) 933-4387
FAX: (408) 933-4926
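The distinction drawn in this message, as an added example that is not part of the original post: a source-address check for packets arriving on the external interface that separates unroutable RFC 1918 sources from sources claiming to be inside the protected network (footnote [0]). The function name, verdict labels and sample addresses are constructed for illustration.

```python
import ipaddress

# RFC 1918 private ranges named in the thread. Other reserved ranges are
# left out to keep the example to what the messages discuss.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify_ingress(src, internal_nets):
    """Classify the source of a packet seen on the EXTERNAL interface.

    internal_nets: prefixes actually used behind the firewall (assumption:
    the administrator supplies these; they may be private or public).
    Returns a (verdict, action) tuple.
    """
    addr = ipaddress.ip_address(src)
    inside = [ipaddress.ip_network(n) for n in internal_nets]

    # Checked first: a source that belongs to our own network cannot
    # legitimately arrive from outside, so it is masquerading as us.
    if any(addr in net for net in inside):
        return ("spoof", "drop")

    # Private space we do not use: not routed on the Internet, so no reply
    # can reach it. Dropped, but reported separately from spoofing.
    if any(addr in net for net in RFC1918):
        return ("unroutable", "drop")

    # A routable source may still be forged; this filter cannot tell.
    return ("unverified", "pass")


def tally(sources, internal_nets):
    """Count verdicts over a list of source addresses."""
    counts = {"spoof": 0, "unroutable": 0, "unverified": 0}
    for src in sources:
        counts[classify_ingress(src, internal_nets)[0]] += 1
    return counts


if __name__ == "__main__":
    # Constructed sample: the internal LAN uses 192.168.1.0/24.
    lan = ["192.168.1.0/24"]
    for src in ("10.1.2.3", "192.168.1.50", "172.16.9.9", "198.51.100.7"):
        print(src, classify_ingress(src, lan))
```

The `unverified` verdict is the limit described in the quoted paragraph: a filter of this kind only catches sources that cannot be real or that claim to be internal.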