Date: Mon, 18 Mar 2002 15:58:54 -0800
From: "Crist J. Clark" <cjc@FreeBSD.ORG>
To: Fergus Cameron <cameron@argus-systems.com>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Is PortSentry really safe to use?
Message-ID: <20020318155854.C60554@blossom.cjclark.org>
In-Reply-To: <20020318183415.E1000@dedog.argus-systems.co.uk>; from cameron@argus-systems.com on Mon, Mar 18, 2002 at 06:34:15PM +0000
References: <2332.213.112.58.232.1016226432.squirrel@phucking.kicks-ass.org> <20020318183415.E1000@dedog.argus-systems.co.uk>

On Mon, Mar 18, 2002 at 06:34:15PM +0000, Fergus Cameron wrote:
> surely it wouldn't be possible to spoof an attack 'through' a gateway ?
> would the gateway not reject the traffic as invalid ? otherwise it
> would pass traffic apparently from itself but received on the wrong
> interface.
Most gateways don't give a hoot about the source address of a
packet. If the destination address is one of its own, it passes it up
the stack. If the destination address is not one of its own, it
forwards it as appropriate. Who cares what the source address is?
Yes, access lists (i.e. firewall rules) can easily stop this kind of
thing, but if you don't add the rules (and many, many, many people,
institutions, and companies do not) the traffic will go right
through.
--
Crist J. Clark | cjclark@alum.mit.edu
| cjclark@jhu.edu
http://people.freebsd.org/~cjc/ | cjc@freebsd.org
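
Added example, not part of the original message: a small model of the gateway behaviour described above, comparing a destination-only forwarding decision with the same gateway once source-address access lists are evaluated first. The interface names, addresses (documentation ranges) and sample packets are constructed for illustration.

```python
import ipaddress as ipa

# Constructed two-interface gateway using documentation address ranges.
INTERFACES = {
    "ext0": ipa.ip_interface("198.51.100.1/24"),  # outside
    "int0": ipa.ip_interface("192.0.2.1/24"),     # inside
}
OWN_ADDRS = {i.ip for i in INTERFACES.values()}


def route_only(src, dst, in_if):
    """Gateway with no access lists: the decision depends on dst alone."""
    return "local" if ipa.ip_address(dst) in OWN_ADDRS else "forward"


def with_antispoof(src, dst, in_if):
    """Same gateway with source-address rules evaluated first."""
    s = ipa.ip_address(src)
    # Nothing arriving on an interface can legitimately be from the gateway.
    if s in OWN_ADDRS:
        return "deny"
    for name, iface in INTERFACES.items():
        # A source inside a directly attached network must arrive on that
        # network's interface, not on another one.
        if s in iface.network and name != in_if:
            return "deny"
    # Inside hosts may only use inside source addresses (egress filtering).
    if in_if == "int0" and s not in INTERFACES["int0"].network:
        return "deny"
    return route_only(src, dst, in_if)


# Constructed packets: (source, destination, arrival interface, note)
PACKETS = [
    ("203.0.113.9", "192.0.2.20", "ext0", "ordinary inbound"),
    ("192.0.2.1", "192.0.2.20", "ext0", "claims gateway's own address"),
    ("192.0.2.77", "192.0.2.20", "ext0", "claims an inside host"),
    ("192.0.2.20", "203.0.113.9", "int0", "ordinary outbound"),
    ("203.0.113.50", "203.0.113.9", "int0", "inside host, foreign source"),
]

if __name__ == "__main__":
    for src, dst, in_if, note in PACKETS:
        print(f"{note:30} no-acl={route_only(src, dst, in_if):8}"
              f" acl={with_antispoof(src, dst, in_if)}")
```

Without the rules every sample packet is forwarded, including the one carrying the gateway's own address as its source; with them only the two ordinary packets pass.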
