[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] My reason to turn off IP Spoofing
Hi Tell me, are you using 5 single port pci nics? Try using 4port cards like perhaps ZX346Q (www.znyx.com) But what do you think about the following situation you produce, if you make your clients multi homed? Client in 10.0.0.x has n-nics which connect to 172.32.0.x / 172.33.0.x / 172.34.0.x / 172.35.0.x / 172.36.0.x => The idea of firewalling will be lost, because your client in 10.0.0.x opens the doors to all secured lans.....right, the firewall will still drop traffic from internet, but if an attacker comes from internal networks....you are lost... you can't control the multi homed client... hmm another thingy: why not setting up a citrix server in the 172.36.0.x and let your clients from 10.0.0.x connect to the citrix server...from there you are in the right lan. (you can control citrix connections/authentication) you should think about your actual concept/running env......that's not the correct way to solve your problem, switching lan cable...and why a client needs 5 nics? hope these hints help you to solve your problem.... and only disable ip spoofing if you trust your internal lans, I wouldn't... regards, mike ----- Original Message ----- From: felix To: Fw-1-Mailinglist Sent: Tuesday, April 03, 2001 5:51 PM Subject: [FW1] My reason to turn off IP Spoofing [schnipp] Because the same host has been bound with two different IPs. You may ask me, hey! are you stupid, why don't you add another NIC card?! Believe me they already have 5 NIC cards installed on their system, I don't want to add one more, they may not have more IRQ available! So that's why I ask you guys if possible to turn off IP spoofing, then Firewall will not send me the alarms for detecting invalid IPs. ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|