List: firewalls-gc
Subject: Re: IP Filters?
From: Darren Reed <avalon () coombs ! anu ! edu ! au>
Date: 1997-07-05 4:56:37
In some mail from Travis Hassloch, sie said:
>
> It doesn't keep connection state in the packet like TCP does,
> but that doesn't mean a gateway can't. Besides, if you
> rely on what the TCP flags say you're opening yourself
> up to passive port scans (i.e. scans based on packets with ACK
> set).
Not if you've half a clue about things. Some vendors are missing
half a clue but.
> >Note: ingress traffic filtering is a concept of filtering
> >traffic leaving your administrative domain so that only
> >traffic which is announced via routing (e.g. BGP) is allowed
> >to exit your routing domain. This does nothing to protect
> >you from an attack, but it does disallow downstream users
> >from launching attacks using nonexistent source addresses.
>
> Is this the multi-network equivalent of blocking outgoing
> packets which don't appear from being part of your internal
> network?
Yes. Something all routers should do, anyway.
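
The two points in the message above, as an added example that is not part of the original message: a rule that trusts the ACK/RST flags admits an unsolicited ACK, while a gateway that keeps its own connection table drops it, and the same gateway refuses outgoing packets whose source is not an internal address. The `StatefulGateway` class, the helper names and all addresses are constructed for illustration.

```python
import ipaddress

SYN, ACK, RST = 0x02, 0x10, 0x04
# Constructed addresses from the documentation ranges; INTERNAL is an assumed inside prefix.
INTERNAL = ipaddress.ip_network("192.0.2.0/24")

def pkt(src, sport, dst, dport, flags):
    return {"src": src, "sport": sport, "dst": dst, "dport": dport, "flags": flags}

def flag_only_inbound(p):
    """Stateless rule: trust the header and admit anything with ACK or RST set."""
    return bool(p["flags"] & (ACK | RST))

class StatefulGateway:
    """Hypothetical gateway that remembers connections opened from the inside."""
    def __init__(self, internal):
        self.internal = internal
        self.table = set()

    def outbound(self, p):
        # Egress check: drop packets whose source is not one of our own addresses.
        if ipaddress.ip_address(p["src"]) not in self.internal:
            return False
        # Record state only for a connection-opening SYN (SYN set, ACK clear).
        if p["flags"] & SYN and not p["flags"] & ACK:
            self.table.add((p["src"], p["sport"], p["dst"], p["dport"]))
        return True

    def inbound(self, p):
        # Admit only replies that match a connection recorded in the table.
        return (p["dst"], p["dport"], p["src"], p["sport"]) in self.table

def run_demo():
    gw = StatefulGateway(INTERNAL)
    opened = gw.outbound(pkt("192.0.2.10", 40000, "198.51.100.5", 80, SYN))
    reply = pkt("198.51.100.5", 80, "192.0.2.10", 40000, SYN | ACK)
    stray = pkt("203.0.113.9", 4444, "192.0.2.20", 22, ACK)  # ACK with no prior SYN
    spoofed = gw.outbound(pkt("203.0.113.77", 1025, "198.51.100.5", 80, SYN))
    return {
        "opened": opened,
        "reply": (flag_only_inbound(reply), gw.inbound(reply)),
        "stray_ack": (flag_only_inbound(stray), gw.inbound(stray)),
        "spoofed_out": spoofed,
    }

if __name__ == "__main__":
    for name, result in run_demo().items():
        print(name, result)
```

Each tuple is (flag-only verdict, stateful verdict); connection teardown and timeouts are left out of this sketch.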