Date:      Mon, 18 Mar 2002 15:58:54 -0800
From:      "Crist J. Clark" <cjc@FreeBSD.ORG>
To:        Fergus Cameron <cameron@argus-systems.com>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: Is PortSentry really safe to use?
Message-ID:  <20020318155854.C60554@blossom.cjclark.org>
In-Reply-To: <20020318183415.E1000@dedog.argus-systems.co.uk>; from cameron@argus-systems.com on Mon, Mar 18, 2002 at 06:34:15PM +0000
References:  <2332.213.112.58.232.1016226432.squirrel@phucking.kicks-ass.org> <20020318183415.E1000@dedog.argus-systems.co.uk>

On Mon, Mar 18, 2002 at 06:34:15PM +0000, Fergus Cameron wrote:
> surely it wouldn't be possible to spoof an attack 'through' a gateway ?
> would the gateway not reject the traffic as invalid ?  otherwise it
> would pass traffic apparently from itself but received on the wrong
> interface.

Most gateways don't give a hoot about the source address of a
packet. If the destination address is one of its own, it passes it up
the stack. If the destination address is not one of its own, it
forwards it as appropriate. Who cares what the source address is?

Yes, access lists (i.e. firewall rules) can easily stop this kind of
thing, but if you don't add the rules (and many, many, many people,
institutions, and companies do not) the traffic will go right
through.
-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org
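
The forwarding behaviour described in the message above, and the effect of the access-list rules it mentions, modelled as an added example that is not part of the original e-mail. The addresses, interface names and function names are constructed for illustration.

```python
import ipaddress

# Constructed topology (assumption, not from the message): one gateway,
# an "outside" interface and an "inside" interface serving INSIDE_NET.
INSIDE_NET = ipaddress.ip_network("192.0.2.0/24")
GATEWAY_ADDRS = {ipaddress.ip_address(a) for a in ("192.0.2.1", "198.51.100.1")}

def route(dst):
    """Destination-only decision: the source address is never consulted."""
    dst = ipaddress.ip_address(dst)
    if dst in GATEWAY_ADDRS:
        return "local"            # passed up the stack
    return "forward-inside" if dst in INSIDE_NET else "forward-outside"

def source_plausible(src, in_iface):
    """Access-list check: is this source believable on this interface?"""
    src = ipaddress.ip_address(src)
    if src in GATEWAY_ADDRS:
        return False              # nobody else may send as the gateway
    if in_iface == "outside":
        return src not in INSIDE_NET   # inside sources cannot arrive from outside
    return src in INSIDE_NET           # inside interface: only inside sources

def handle(src, dst, in_iface, filtered):
    """Return the gateway's verdict with or without the anti-spoofing rules."""
    if filtered and not source_plausible(src, in_iface):
        return "drop"
    return route(dst)

# Constructed sample packets: (source, destination, arrival interface).
PACKETS = [
    ("203.0.113.9", "192.0.2.10", "outside"),   # ordinary inbound traffic
    ("192.0.2.10", "192.0.2.20", "outside"),    # claims an inside source
    ("198.51.100.1", "192.0.2.20", "outside"),  # claims the gateway's own address
    ("192.0.2.10", "203.0.113.9", "inside"),    # ordinary outbound traffic
]

def verdicts(filtered):
    return [handle(s, d, i, filtered) for s, d, i in PACKETS]

if __name__ == "__main__":
    for pkt, plain, acl in zip(PACKETS, verdicts(False), verdicts(True)):
        print(pkt, "no rules:", plain, "| with rules:", acl)
```

Without the rules, both packets with an implausible source are forwarded like any other; with them, only those two are dropped and legitimate traffic in either direction is unaffected.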
