[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: J'accuse!: Whitehouse and NSA vs. Panix and VTW
-----BEGIN PGP SIGNED MESSAGE-----
On Mon, 16 Sep 1996, John F. Fricker wrote:
> Well IPSec provides for authentication of endpoints which would identify the
> syn attacker.
> What amazes me is that routers happily pass packets with foreign IP return
> addresses. I guess there is some valid utility to being able to originate a
> connection that actually goes somewhere else for intiating a many to many
> protocol. But I can't think of any practical application that would
> necessarily be that way.
> So why do routers let packets leave local networks that do not appear to
> originate from said local network? Doesn't routing work "both ways" so to speak?
Probably the same reason that most routers let packets claiming to be from the
local net through. Even those that do filter packets claiming to be from the
local net don't have any real reason to block packets claiming to be from
foreign addresses -- the administrators don't have anything to gain. It'll
probably take some time before this is considered standard netiquette.
- -- Mark
PGP encrypted mail prefered.
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----