Bugtraq mailing list archives
Re: Router filtering not enough! (Was: Re: CERT advisory )
From: J.S.Peatfield () amtp cam ac uk (Jon Peatfield)
Date: Thu, 26 Jan 1995 16:02:47 +0000
another method. use the arp cache to check source ip addresses against physical layer addresses, local net packets coming from the Net router, rather then direct from the local machine should be dropped. this is also sufficient to protect against the spoofing attack from the Net.
How hard would it be to modify tcpwraper (for example) to check the incomming MAC address on a connection and to be worried if it came from a list of routers but the address was the local net? -- Jon
Current thread:
- Re: Router filtering not enough! (Was: Re: CERT advisory ) Dave Mitchell (Jan 26)
- Re: Router filtering not enough! (Was: Re: CERT advisory ) Jonathan M. Bresler (Jan 26)
- <Possible follow-ups>
- Re: Router filtering not enough! (Was: Re: CERT advisory ) Jon Peatfield (Jan 26)
- Re: Router filtering not enough! (Was: Re: CERT advisory ) Paul Traina (Jan 26)
- Would an encrypted tunnel solve the SeqNo guessing attack? Bennett Todd (Jan 26)
- Re: Would an encrypted tunnel solve the SeqNo guessing attack? Mark (Jan 26)
- Loaded system no protection. Leo Bicknell (Jan 27)
- Re: Would an encrypted tunnel solve the SeqNo guessing attack? Marc Tamsky (Jan 27)
- Re: Would an encrypted tunnel solve the SeqNo guessing attack? Paul Robinson (Jan 27)
- Very Confused!! Mohamad A Khatoun (Jan 27)
- Re: Router filtering not enough! (Was: Re: CERT advisory ) Paul Traina (Jan 26)
- Notes from Tsutomo's Talk Michael B. Dilger (Jan 26)
- Re: Router filtering not enough! (Was: Re: CERT advisory ) Pete Shipley (Jan 26)
- Re: Router filtering not enough! (Was: Re: CERT advisory ) Jon Peatfield (Jan 27)