Re: Firewalls discussion

Kevin Littlejohn (darius@vector.wantree.com.au)
Mon, 16 Sep 1996 20:03:23 +0800 (WST)

Ok, I know a few Portmaster people also read the firewalls lists, and
other similar spots... So I'll assume most people know about the fuss
on those lists re: SYN attacks (basically, the latest trick to come out
of a phrack magazine). My question is this: What would it take (without
my having looked at this yet :) to disallow traffic, from anything other
than the dynamic IP number assigned to a port, from travelling through the
portmaster? (assuming a "standard" ISP setup here, dynamically assigned
IP numbers....) I've just had a thought: a standard rule across all
the PM's ports should go a way to stopping this sort of rubbish originating
from your average ISP, surely?

(In case that wasn't clear: I assign 203.61.173.10 to a client. What
would it take to make sure that _all_ packets from their end of the line
are stamped as from 203.61.173.10?)

Just a thought, feel free to shred :)
KevinL

---
Kevin Littlejohn                                        darius@nova.net.au
Systems Consultant
Sunburst Computing Services                              tel: 0414 725 449
Perth, Western Australia 6000                            fax:     481 0393
"Hours of frustration punctuated by moments of sheer terror" - a.s.r.