Are Firewalls Useful? And Another Thing...

    Date23 Sep 2004
    CategoryFirewalls
    7311
    Posted ByAnthony Pell
    Address spoofing depends crucially on being able to hide the real source address, so why not make that impossible? One way to do it would be to have all the ISPs and network carriers whose connections constitute the Internet certify where packets entering the network come from. . . . If you ever feel in need of a lesson in humility, try reading through the TCP/IP RFCs and related literature. I have two questions I have no idea how to answer but rather naively expected that reading this material would help. It didn't, in truth because I didn't understand most of it; so now I'm asking you to explain the issues to me.

    The two questions are, first, why can't router software let us stamp out address spoofing? And secondly, why do we use firewalls?

    Address spoofing depends crucially on being able to hide the real source address, so why not make that impossible?

    One way to do it would be to have all the ISPs and network carriers whose connections constitute the Internet certify where packets entering the network come from.

    Any packet has to have an origin characterized, from an Internet perspective, by the point at which it first reaches part of the shared resource -- usually a router or other device maintained by an ISP or backbone carrier. Suppose, therefore, that we put software on those devices that allows them to form a self-authenticating community and insert a signed source address into every packet forwarded from the customer's premises.

    You are not authorised to post comments.

    LinuxSecurity Poll

    What is your favorite LinuxSecurity.com feature?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /component/communitypolls/?task=poll.vote
    17
    radio
    [{"id":"65","title":"Feature articles","votes":"0","type":"x","order":"1","pct":0,"resources":[]},{"id":"66","title":"News","votes":"0","type":"x","order":"2","pct":0,"resources":[]},{"id":"67","title":"HOWTOs","votes":"0","type":"x","order":"3","pct":0,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    Advisories

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.