On Monday 04 February 2002 12:30, you wrote:
Mark Ruth wrote:
-- Do you really think a router or firewall forwards IPs like 127.0.0.1?
Yes. If some big German ISP routes a spoofed packet from a webserver to my home firewall, I REALLY think that they forward IPs like 127.x.x.x... If you don't believe it, I can give you rejects for 192.168.x.x, 10.x.x.x, 127.x.x.x and so on ;-)
So, DON'T believe that others will do things for you.
I agree, so many ISPs use default routes, and I've seen routing loops caused by this in quite well known ones, after networks have been returned to them. There is also the nasty business of source routes in packets. Most ISPs take a head-in-the-sand approach and pass the buck on spoofing issues. Few check your outward bound packets for validity, as it costs time and money to get right. It is possible to gain some extra protection by enabling ident lookups in hosts.allow and rejecting any connections from your internal networks that fail to be verified. It can't be relied upon to permit access, but a detected SPOOF is a strong indication that something is wrong.

Rob
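
An added example, not part of either message: a small check that pulls out of a firewall log the kind of rejects described in the thread, that is, packets arriving on the external interface with a source in 127.x.x.x, 10.x.x.x or 192.168.x.x. The netfilter-style `IN=`/`SRC=`/`DST=` log format, the interface names `ppp0` and `eth1`, and all addresses in the sample are assumptions constructed for illustration.

```python
import ipaddress
import re

# Source ranges that should never arrive from the Internet side: the three
# families named in the thread, written as CIDR blocks.
BOGON_SOURCES = {
    "loopback 127.x.x.x": ipaddress.ip_network("127.0.0.0/8"),
    "private 10.x.x.x": ipaddress.ip_network("10.0.0.0/8"),
    "private 192.168.x.x": ipaddress.ip_network("192.168.0.0/16"),
}

# Assumed log format: netfilter-style KEY=value fields.
FIELD = re.compile(r"\b(IN|SRC|DST)=(\S*)")

def classify_source(src):
    """Return the label of the bogon range containing src, or None."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "unparseable source"
    for label, net in BOGON_SOURCES.items():
        if addr in net:
            return label
    return None

def spoofed_entries(lines, external_if):
    """Yield (src, dst, label) for bogon-sourced packets seen on external_if."""
    for line in lines:
        fields = dict(FIELD.findall(line))
        if fields.get("IN") != external_if or "SRC" not in fields:
            continue  # private sources are legitimate on internal interfaces
        label = classify_source(fields["SRC"])
        if label:
            yield fields["SRC"], fields.get("DST", "?"), label

# Constructed sample lines; hosts and addresses are made up.
SAMPLE_LOG = """\
Feb  4 12:01:10 fw kernel: IN=ppp0 OUT= SRC=127.0.0.1 DST=203.0.113.7 PROTO=TCP SPT=80 DPT=1046
Feb  4 12:01:12 fw kernel: IN=ppp0 OUT= SRC=192.168.1.20 DST=203.0.113.7 PROTO=TCP SPT=80 DPT=1047
Feb  4 12:01:15 fw kernel: IN=eth1 OUT=ppp0 SRC=192.168.1.5 DST=198.51.100.9 PROTO=TCP SPT=1050 DPT=80
Feb  4 12:01:19 fw kernel: IN=ppp0 OUT= SRC=198.51.100.9 DST=203.0.113.7 PROTO=TCP SPT=80 DPT=1050
Feb  4 12:01:22 fw kernel: IN=ppp0 OUT= SRC=10.4.4.4 DST=203.0.113.7 PROTO=UDP SPT=53 DPT=1051
""".splitlines()

if __name__ == "__main__":
    for src, dst, label in spoofed_entries(SAMPLE_LOG, "ppp0"):
        print(f"spoofed source {src} -> {dst} ({label})")
```

The same private address is flagged on `ppp0` but ignored on `eth1`, which is why the check is keyed on the receiving interface rather than on the address alone.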