Protocol Encapsulation

Sam Couter sam at
Wed Aug 8 09:39:23 EST 2001

Mark Hummel <mhummel at> wrote:
> Thanks, but I did know about TCP wrappers. Actually, Jeremy has suggested
> just relying on hosts.allow and hosts.deny. I think that would sufficient. 
> The only thing I was worried about was spoofing - a packet pretends to be
> from one of the trusted machines...

Spoofing is very difficult for real-life attacks for anything other than a
DoS type attack (think distributed ping). It's nearly impossible for TCP,
unless the attacker is on the network path between your server and the
spoofed IP address.

As Jeremy said, you can avoid these attacks by using SSL with client
certificates. It's probably not worth the effort.
Sam Couter          |   Internet Engineer   |
sam at    |   tSA Consulting      |
OpenPGP key ID:       DE89C75C,  available on key servers
OpenPGP fingerprint:  A46B 9BB5 3148 7BEA 1F05  5BD5 8530 03AE DE89 C75C
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
Url :

More information about the linux mailing list