Randy Bush said:
for each interface on a router block tcp which is both to and from that interface
I don't think that's sufficient. What about spoofed packets arriving via interface A, with IP source and destination both set to the address of interface B?
--apb (Alan Barrett)
If you do it with an access-list in then it doesn't matter. Even a spoofed packet will be blocked prior to arriving where it can do harm.
Owen
On Sun, 23 Nov 1997, Owen DeLong wrote:
Randy Bush said:
for each interface on a router block tcp which is both to and from that interface
I don't think that's sufficient. What about spoofed packets arriving via interface A, with IP source and destination both set to the address of interface B?
--apb (Alan Barrett)
If you do it with an access-list in then it doesn't matter. Even a spoofed packet will be blocked prior to arriving where it can do harm.
Owen
Like the cat in the hat, but I think I follow. I'll come back to this when I'm well and hopefully I'll actually get what you're saying. This flu is killer. Wait... Ok. So I could still kill external links, regardless of source routing. I was only thinking of internal links. If I'm still wrong, somebody let me know.
Joe Shaw - jshaw@insync.net
NetAdmin - Insync Internet Services.
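Added example, not written by any poster in this thread: a small Python model of the case Alan Barrett raises, comparing a rule that only checks the arrival interface's own address with an inbound list that covers every address on the router. The interface names, the RFC 5737 documentation addresses, the function names, and the second rule as one reading of the inbound access-list suggestion are all assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address

# Constructed router: interface names and addresses are assumptions.
ROUTER = {"A": ip_address("192.0.2.1"), "B": ip_address("198.51.100.1")}


@dataclass(frozen=True)
class Packet:
    ingress: str  # interface the packet arrives on
    proto: str
    src: str
    dst: str


def per_interface_rule(pkt):
    """Literal reading of the first rule: on each interface, drop TCP that is
    both to and from that interface's own address. True means dropped."""
    own = ROUTER[pkt.ingress]
    return pkt.proto == "tcp" and ip_address(pkt.src) == own == ip_address(pkt.dst)


def any_local_address_rule(pkt):
    """Assumed inbound list applied on every interface: drop TCP whose source
    and destination are the same address and that address is on the router."""
    src, dst = ip_address(pkt.src), ip_address(pkt.dst)
    return pkt.proto == "tcp" and src == dst and src in ROUTER.values()


# Constructed sample packets, all arriving on interface A.
SAMPLES = {
    "same-interface": Packet("A", "tcp", "192.0.2.1", "192.0.2.1"),
    # The case from the thread: arrives via A, source and destination are B.
    "cross-interface": Packet("A", "tcp", "198.51.100.1", "198.51.100.1"),
    "ordinary": Packet("A", "tcp", "203.0.113.7", "198.51.100.1"),
}


def evaluate():
    """Map sample name -> (dropped by narrow rule, dropped by broad rule)."""
    return {name: (per_interface_rule(p), any_local_address_rule(p))
            for name, p in SAMPLES.items()}


if __name__ == "__main__":
    for name, (narrow, broad) in evaluate().items():
        print(f"{name:16} per-interface drop={narrow!s:5} any-local drop={broad}")
```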