Date: Mon, 18 Mar 2002 15:58:54 -0800
From: "Crist J. Clark"
To: Fergus Cameron
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Is PortSentry really safe to use?

On Mon, Mar 18, 2002 at 06:34:15PM +0000, Fergus Cameron wrote:
> surely it wouldn't be possible to spoof an attack 'through' a gateway ?
> would the gateway not reject the traffic as invalid ? otherwise it
> would pass traffic apparently from itself but received on the wrong
> interface.

Most gateways don't give a hoot about the source address of a packet.
If the destination address is one of its own, it passes it up the
stack. If the destination address is not one of its own, it forwards
it as appropriate.
Who cares what the source address is?

Yes, access lists (i.e. firewall rules) can easily stop this kind of
thing, but if you don't add the rules (and many, many, many people,
institutions, and companies do not) the traffic will go right through.

-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org
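
The forwarding behaviour described in the message above, with and without an anti-spoofing access list, as an added example that is not part of the original post. The interface names, addresses and packets are constructed, and the check is a simplified model rather than any particular firewall's rule syntax.

```python
import ipaddress

# Constructed topology (assumption, not from the original message):
# a gateway with one external and one internal interface.
INTERFACES = {
    "ext0": {"addr": ipaddress.ip_address("203.0.113.1"),
             "net": ipaddress.ip_network("203.0.113.0/24")},
    "int0": {"addr": ipaddress.ip_address("192.168.1.1"),
             "net": ipaddress.ip_network("192.168.1.0/24")},
}
EXTERNAL = "ext0"


def route(dst):
    """Destination-only decision: the source address is never consulted."""
    dst = ipaddress.ip_address(dst)
    if any(dst == i["addr"] for i in INTERFACES.values()):
        return "local"        # one of our own addresses: pass up the stack
    return "forward"          # anything else: forward as appropriate


def antispoof_ok(src, in_iface):
    """Access-list check: is this source plausible on the receiving interface?"""
    src = ipaddress.ip_address(src)
    if any(src == i["addr"] for i in INTERFACES.values()):
        return False          # the gateway's own address must not arrive from the wire
    if in_iface == EXTERNAL:
        # Internal sources must never show up on the outside interface.
        return not any(src in i["net"] for n, i in INTERFACES.items() if n != EXTERNAL)
    return src in INTERFACES[in_iface]["net"]


def handle(src, dst, in_iface, filtering):
    if filtering and not antispoof_ok(src, in_iface):
        return "drop"
    return route(dst)


# Constructed packets: (source, destination, receiving interface)
PACKETS = [
    ("192.168.1.1", "192.168.1.20", "ext0"),   # claims to be the gateway itself
    ("192.168.1.50", "192.168.1.20", "ext0"),  # claims to be an internal host
    ("198.51.100.7", "192.168.1.20", "ext0"),  # ordinary outside source
    ("192.168.1.50", "198.51.100.7", "int0"),  # ordinary inside source
]

if __name__ == "__main__":
    for p in PACKETS:
        print(p, "no rules:", handle(*p, False), "| rules:", handle(*p, True))
```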