[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: J'accuse!: Whitehouse and NSA vs. Panix and VTW



-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 16 Sep 1996, John F. Fricker wrote:

> Well IPSec provides for authentication of endpoints which would identify the
> syn attacker.
> 
> What amazes me is that routers happily pass packets with foreign IP return
> addresses. I guess there is some valid utility to being able to originate a
> connection that actually goes somewhere else for intiating a many to many
> protocol. But I can't think of any practical application that would
> necessarily be that way.
> 
> So why do routers let packets leave local networks that do not appear to
> originate from said local network? Doesn't routing work "both ways" so to speak?

Probably the same reason that most routers let packets claiming to be from the
local net through.  Even those that do filter packets claiming to be from the
local net don't have any real reason to block packets claiming to be from
foreign addresses -- the administrators don't have anything to gain.  It'll
probably take some time before this is considered standard netiquette.

- -- Mark

PGP encrypted mail prefered.
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMj3WtizIPc7jvyFpAQFIaQf+LFurdJzTgysANF8KNutVkYPR/29jHHON
Vf+2SBn71AYhuBbkwAuAyCr+MyI7T0+Cct6sDq/F6FotiI8fUid2HKmcvfdSBl7l
dRdKRfeNVKrbwggx8cg+smgWlx47zmMKNYa5RO1q53xwKHUBrLjEB+FzpLXryAbJ
5fbg/0ujnqPejHDBdjeDGyebzE6FOr/2qjCpGZb9CU+2Df35VJde5sNuObLo/H1q
mM70vPMsMzSiRkSzDTtnsJZJumOqMP92Q3KSSwtOre5D7Fxg9g9anpTxYmYQhBEs
SqyKMOTluFUh1Uq+8cizqZ+zzc89cnM1+vUJKRe4TxvNxMY0JJ7CWQ==
=yYoB
-----END PGP SIGNATURE-----