Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] Turn off ip spoofing on internal LAN

To: "Warren Barrow" <[email protected]>, "'felix'" <[email protected]>, "Fw-1-Mailinglist" <[email protected]>
Subject: Re: [FW1] Turn off ip spoofing on internal LAN
From: "Aylton Souza, CISSP" <[email protected]>
Date: Tue, 3 Apr 2001 01:00:42 -0300
References: <[email protected]>
Sender: [email protected]

Guys,

It is not clear for me... What are the 'some reasons'...?

Antispoofing is VERY important... As Warren said, if you don't do that it would defeat the purpose...

best wishes

Aylton

----- Original Message -----

From: Warren Barrow

To: 'felix' ; Fw-1-Mailinglist

Sent: Monday, April 02, 2001 6:11 PM

Subject: RE: [FW1] Turn off ip spoofing on internal LAN

Antispoofing needs to be configured for 1) All interfaces, or 2) No interfaces. You can't configure antispoofing for only one interface-- it sort of defeats the whole purpose. With antispoofing, firewall-1 needs to know what it should see on every interface.

-Warren.

-----Original Message-----
From: felix [mailto:[email protected]]
Sent: Monday, April 02, 2001 3:49 PM
To: Fw-1-Mailinglist
Subject: [FW1] Turn off ip spoofing on internal LAN

Hi

For some reasons I need to turn off the IP spoofing on my internal Nics in Firewall Box, of course I'll keep IP spoofing on external Nic on the firewall box! Meanwhile I will disallow traffic from DMZ to Localnet. Do you guys think it's ok? By doing this do I run any potential security risk or not? The condition is that no internal guy will be acted as a hacker.

Thanks!

References:
- RE: [FW1] Turn off ip spoofing on internal LAN
  - From: Warren Barrow <[email protected]>

Prev by Date: Re: [FW1] DMZ via VLAN
Next by Date: [FW1] How to allow HTTP access through firewall to Web server?
Previous by thread: RE: [FW1] Turn off ip spoofing on internal LAN
Next by thread: [FW1] Encryption license
Index(es):
- Date
- Thread