Protocol Encapsulation
Sam Couter
sam at topic.com.au
Wed Aug 8 09:39:23 EST 2001
Mark Hummel <mhummel at pcug.org.au> wrote:
>
> Thanks, but I did know about TCP wrappers. Actually, Jeremy has suggested
> just relying on hosts.allow and hosts.deny. I think that would sufficient.
> The only thing I was worried about was spoofing - a packet pretends to be
> from one of the trusted machines...
Spoofing is very difficult for real-life attacks for anything other than a
DoS type attack (think distributed ping). It's nearly impossible for TCP,
unless the attacker is on the network path between your server and the
spoofed IP address.
As Jeremy said, you can avoid these attacks by using SSL with client
certificates. It's probably not worth the effort.
--
Sam Couter | Internet Engineer | http://www.topic.com.au/
sam at topic.com.au | tSA Consulting |
OpenPGP key ID: DE89C75C, available on key servers
OpenPGP fingerprint: A46B 9BB5 3148 7BEA 1F05 5BD5 8530 03AE DE89 C75C
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
Url : http://lists.samba.org/archive/linux/attachments/20010808/170322b4/attachment.bin
More information about the linux
mailing list