On Sat, 4 Aug 2001 09:41:01 -0700  Bill Campbell wrote:
> On Sat, Aug 04, 2001 at 11:45:55AM -0400, burns wrote:
> ...
> >The problem is not TCP/IP itself, but how MS purportedly intends to allow raw
> >socket access in XP - in other words it's not the highway, but how MS is
> >building the on ramps. 
> 
> Raw socket access isn't a problem in itself.  Steve Gibson notes that this
> is something that's been available on Unix and Linux systems for years.
> 
> Many of the attacks by script kiddies could be eliminated if ISPs put in
> elementary packet filters on their routers and RAS systems where they
> prohibit outgoing packets with source addresses that couldn't be coming
> through that port.  The simplest case is the ISP blocking any outgoing
> packets at their border router that have a source address that isn't on
> their network.  They can also set filters with RADIUS to refuse packets
> from a dialup connection with a source address that isn't the one assigned
> to the port.
> 
> The IP filters should also reject any incoming packets from the outside
> world that have a source address on the interior networks.

One does have to be a little careful about making assumptions, however. My
brother-in-law has a Hughes satellite connection, and he was unable to 
get past the security at 2 different websites, because his outbound
packets were coming down the phone line and his incoming packets were
taking a completely different route, from the satellite. I couldn't
renew my prescription over the web when we visited with them because of this.
Merck was very responsive when I complained, however.
-- 
-----------------------------------------------------------------------
| Alan K. Jackson            | To see a World in a Grain of Sand      |
| [EMAIL PROTECTED]          | And a Heaven in a Wild Flower,         |
| www.ajackson.org           | Hold Infinity in the palm of your hand |
| Houston, Texas             | And Eternity in an hour. - Blake       |
-----------------------------------------------------------------------
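
The source-address filters described in the quoted message, as an added example that is not part of the original thread: a border check in both directions plus a per-port check on a dial-up line. The prefixes, the port name `ras1/7` and the split-path host in the last case are constructed assumptions (documentation address ranges), chosen to show how a host that sends and receives over different providers trips the per-port rule.

```python
import ipaddress

# Constructed addressing plan using documentation prefixes; not from the thread.
ISP_PREFIXES = [ipaddress.ip_network("198.51.100.0/24")]
# Address assigned to each dial-up port (for example, handed out via RADIUS).
PORT_ASSIGNMENTS = {"ras1/7": ipaddress.ip_address("198.51.100.23")}


def in_isp_space(addr):
    """True if addr belongs to one of the ISP's own prefixes."""
    return any(addr in net for net in ISP_PREFIXES)


def border_filter(direction, src):
    """Border router: direction is 'out' (to the Internet) or 'in' (from it)."""
    addr = ipaddress.ip_address(src)
    if direction == "out" and not in_isp_space(addr):
        return "drop: outbound source is not on our network"
    if direction == "in" and in_isp_space(addr):
        return "drop: inbound source claims an interior address"
    return "pass"


def port_filter(port, src):
    """RAS port: only the address assigned to this port may appear as source."""
    assigned = PORT_ASSIGNMENTS.get(port)
    if assigned is None:
        return "drop: no address assigned to port"
    if ipaddress.ip_address(src) != assigned:
        return "drop: source is not the address assigned to this port"
    return "pass"


def demo():
    """Run the constructed cases and return (label, verdict) pairs."""
    return [
        ("dial-up customer, own address", port_filter("ras1/7", "198.51.100.23")),
        ("dial-up customer, forged source", port_filter("ras1/7", "203.0.113.9")),
        ("border outbound, forged source", border_filter("out", "203.0.113.9")),
        ("border inbound, interior source", border_filter("in", "198.51.100.23")),
        ("border inbound, exterior source", border_filter("in", "192.0.2.44")),
        # Assumed split-path host: sends over dial-up but uses the address
        # its other (downstream) provider assigned. Legitimate, yet dropped.
        ("split-path host on dial-up", port_filter("ras1/7", "192.0.2.80")),
    ]


if __name__ == "__main__":
    for label, verdict in demo():
        print(f"{label:34} {verdict}")
```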
