From owner-freebsd-security Tue Dec 14 5: 9:52 1999
Delivered-To: freebsd-security@freebsd.org
Received: from sand2.sentex.ca (sand2.sentex.ca [209.167.248.3])
	by hub.freebsd.org (Postfix) with ESMTP id 9A4EA14EB7
	for ; Tue, 14 Dec 1999 05:09:46 -0800 (PST)
	(envelope-from mike@sentex.net)
Received: from gravel (ospf-mdt.sentex.net [205.211.164.81])
	by sand2.sentex.ca (8.8.8/8.8.8) with SMTP id IAA10047;
	Tue, 14 Dec 1999 08:09:45 -0500 (EST)
	(envelope-from mike@sentex.net)
Message-Id: <4.1.19991214075631.03f07780@granite.sentex.ca>
X-Sender: mdtancsa@granite.sentex.ca
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1
Date: Tue, 14 Dec 1999 08:09:33 -0500
To: pccb@yahoo.com
From: Mike Tancsa
Subject: Re: Why use a Firewall?
Cc: freebsd-security@freebsd.org
In-Reply-To: <3855E2B4.59CDD2FD@yahoo.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 01:24 AM 12/14/99 , Pierre Chiu wrote:
>>Spoofed addresses for one thing. There are many reasons. Sometimes if
>I don't think firewall can stop spoofed ip.
>It can stop non-routable ip like (192.168.1.1), but if your ip is
>24.112.1.1 and you spoofed it as 24.118.1.1, I doubt firewall can detect
>it.

Of course it can. E.g., if your network inside is 123.123.123.0/24 and your
interface to the outside world is fxp0:

    ipfw add 100 deny log ip from 123.123.123.0/24 to any in via fxp0

	---Mike
**********************************************************************
Mike Tancsa                   * mike@sentex.net
Sentex Communications Corp,   * http://www.sentex.net/mike
Cambridge, Ontario            * 519 651 3400
Canada                        *
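The check described in the message above, modelled in Python as an added example (not part of the original message and not ipfw's own code). The inside network and interface name come from the message; the sample packets, the `check` function and the egress rule are assumptions introduced for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Values taken from the message; the packets below are constructed samples.
INSIDE_NET = ipaddress.ip_network("123.123.123.0/24")
OUTSIDE_IF = "fxp0"

@dataclass(frozen=True)
class Packet:
    src: str        # claimed source address
    iface: str      # interface the packet crosses
    direction: str  # "in" or "out" relative to the firewall

def check(pkt: Packet) -> str:
    """Return a deny reason or 'allow' for one packet at the border firewall."""
    if pkt.iface != OUTSIDE_IF:
        return "allow"  # only the outside interface is filtered in this model
    src = ipaddress.ip_address(pkt.src)
    if pkt.direction == "in":
        # The rule from the message: an inside source can never
        # legitimately arrive on the outside interface.
        if src in INSIDE_NET:
            return "deny-inside-src-from-outside"
        # Non-routable sources (e.g. 192.168.1.1) are equally impossible.
        if src.is_private:
            return "deny-non-routable-src"
        return "allow"
    # Assumed egress counterpart (not in the message): only inside
    # sources may leave, so local hosts cannot claim foreign addresses.
    if src not in INSIDE_NET:
        return "deny-foreign-src-leaving"
    return "allow"

# Constructed sample packets.
SAMPLES = [
    Packet("123.123.123.45", "fxp0", "in"),
    Packet("192.168.1.1", "fxp0", "in"),
    Packet("24.118.1.1", "fxp0", "in"),
    Packet("123.123.123.45", "fxp0", "out"),
    Packet("24.118.1.1", "fxp0", "out"),
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(f"{p.src:15} {p.direction:3} via {p.iface}: {check(p)}")
```

In this model an inbound packet claiming 24.118.1.1 is allowed, because the border firewall has no interface-based evidence about outside addresses; the egress check is what drops such a packet at the network it originates from.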