On Thu, 2 Sep 1999, Alfonso Lazaro wrote: > So if our firebox is defending our internal network ( 192.168.x.x ... ) > and our WG Firewall is a proxie with an external ip in internet ( 100.100.100.100 hipotetic ip address ) the atacker can change his/her routes like so : > > # route add -net 192.168.0.0 netmask 255.255.255.0 gw 100.100.100.100 I am afraid this will work only if either of these conditions is true: 1. the attacker is connected directly to the firebox's external interface 2. the attacker's OS will source route such packets and every intermediate router will honor the specified source routing --Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ] "Resistance is futile. Open your source code and prepare for assimilation."
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:01:42 PDT