Date: Mon, 18 Mar 2002 15:58:54 -0800
From: "Crist J. Clark" <cjc@FreeBSD.ORG>
To: Fergus Cameron <cameron@argus-systems.com>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Is PortSentry really safe to use?
Message-ID: <20020318155854.C60554@blossom.cjclark.org>
In-Reply-To: <20020318183415.E1000@dedog.argus-systems.co.uk>; from cameron@argus-systems.com on Mon, Mar 18, 2002 at 06:34:15PM +0000
References: <2332.213.112.58.232.1016226432.squirrel@phucking.kicks-ass.org> <20020318183415.E1000@dedog.argus-systems.co.uk>

On Mon, Mar 18, 2002 at 06:34:15PM +0000, Fergus Cameron wrote:
> surely it wouldn't be possible to spoof an attack 'through' a gateway ?
> would the gateway not reject the traffic as invalid ? otherwise it
> would pass traffic apparently from itself but received on the wrong
> interface.

Most gateways don't give a hoot about the source address of a packet.
If the destination address is one of its own, it passes it up the
stack. If the destination address is not one of its own, it forwards
it as appropriate. Who cares what the source address is?

Yes, access lists (i.e. firewall rules) can easily stop this kind of
thing, but if you don't add the rules (and many, many, many people,
institutions, and companies do not) the traffic will go right through.

-- 
Crist J. Clark                     | cjclark@alum.mit.edu
                                   | cjclark@jhu.edu
http://people.freebsd.org/~cjc/    | cjc@freebsd.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
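
The behaviour described in the message above, as an added example that is not part of the original e-mail: a small Python model of a two-interface gateway that decides on destination address only, next to the same gateway with a source-address access-list check in front of it. The interface names, addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed topology (assumption): a gateway with one outside and one inside interface.
INTERFACES = {
    "ext0": {"addr": "203.0.113.1", "net": "203.0.113.0/24"},  # outside
    "int0": {"addr": "192.168.1.1", "net": "192.168.1.0/24"},  # inside
}
OWN = {ipaddress.ip_address(i["addr"]) for i in INTERFACES.values()}
INSIDE = ipaddress.ip_network(INTERFACES["int0"]["net"])

def route(dst):
    """Destination-only decision: the source address is never consulted."""
    dst = ipaddress.ip_address(dst)
    if dst in OWN:
        return "deliver-local"            # passed up the stack
    for name, iface in INTERFACES.items():
        if dst in ipaddress.ip_network(iface["net"]):
            return "forward:" + name      # directly connected network
    return "forward:ext0"                 # default route

def antispoof_ok(in_if, src):
    """Access-list check: is this source plausible on the arrival interface?"""
    src = ipaddress.ip_address(src)
    if src in OWN or src.is_loopback:
        return False                      # received packets never carry our own address
    if in_if == "ext0":
        return src not in INSIDE          # inside addresses cannot arrive from outside
    return src in INSIDE                  # inside hosts must use inside addresses

def handle(in_if, src, dst, filtering):
    """Return the gateway's action for one received packet."""
    if filtering and not antispoof_ok(in_if, src):
        return "drop"
    return route(dst)

# Constructed sample packets: (arrival interface, source, destination).
PACKETS = [
    ("ext0", "192.168.1.1", "192.168.1.20"),   # claims to be the gateway itself
    ("ext0", "192.168.1.50", "203.0.113.1"),   # claims to be an inside host
    ("ext0", "198.51.100.7", "192.168.1.20"),  # ordinary inbound traffic
    ("int0", "192.168.1.20", "198.51.100.7"),  # ordinary outbound traffic
]

if __name__ == "__main__":
    for pkt in PACKETS:
        print(pkt, "| no rules:", handle(*pkt, filtering=False),
              "| with rules:", handle(*pkt, filtering=True))
```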