Graph of the Week at http://qosient.com/argus
Olaf Gellert
olaf.gellert at intrusion-lab.net
Thu Sep 14 04:26:45 EDT 2006
Maybe I should clarify this:
> One example of a security check is this (we have been doing it for
> many years now): We compare if any packet with an inside IP
> address has the MAC-address of our router interface. That way we
> notice IP-spoofing (or check if our firewall really does what it
> should do: keep these packets out).
>
"inside IP address" -> "inside source IP address"
So packets are suspicious if they have an inside source IP
address but the MAC indicates that the router forwarded
them (of course you have to exclude the normal IP address
of the router).
Olaf
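
The check described in this message, as an added example (not part of the original post and not argus code): it flags flow records whose source IP is inside while the source MAC is the router's inside interface, excluding the router's own IP. The network, MAC and IP values, the record keys `saddr`/`smac`/`daddr` and all function names are assumptions made for the illustration.

```python
import ipaddress
import re

# Site parameters: constructed values, replace with your own.
INSIDE_NETS = [ipaddress.ip_network("192.0.2.0/24")]
ROUTER_MACS = {"00:11:22:33:44:55"}               # router interface facing inside
ROUTER_IPS = {ipaddress.ip_address("192.0.2.1")}  # router's own IP, excluded

def norm_mac(mac):
    """Normalise 0:11:22:33:44:55, 00-11-..., 0011.2233.4455 to one form."""
    parts = re.split(r"[:-]", mac.strip().lower())
    if len(parts) == 6:
        hexstr = "".join(p.zfill(2) for p in parts)   # pad short octets
    else:
        hexstr = re.sub(r"[^0-9a-f]", "", mac.lower())
    if not re.fullmatch(r"[0-9a-f]{12}", hexstr):
        raise ValueError(f"bad MAC: {mac!r}")
    return ":".join(hexstr[i:i + 2] for i in range(0, 12, 2))

def is_suspicious(saddr, smac):
    """Inside source IP, but the frame came from the router's interface."""
    ip = ipaddress.ip_address(saddr)
    if ip in ROUTER_IPS:
        return False                                # the router itself
    inside = any(ip in net for net in INSIDE_NETS)
    return inside and norm_mac(smac) in ROUTER_MACS

def find_spoofed(records):
    """Return the records that match the spoofing check."""
    return [r for r in records if is_suspicious(r["saddr"], r["smac"])]

# Constructed sample records (not real traffic).
SAMPLE = [
    {"saddr": "192.0.2.10",   "smac": "00:aa:bb:cc:dd:10", "daddr": "192.0.2.20"},
    {"saddr": "198.51.100.7", "smac": "0:11:22:33:44:55",  "daddr": "192.0.2.20"},
    {"saddr": "192.0.2.77",   "smac": "00-11-22-33-44-55", "daddr": "192.0.2.20"},
    {"saddr": "192.0.2.1",    "smac": "00:11:22:33:44:55", "daddr": "192.0.2.20"},
]

if __name__ == "__main__":
    for rec in find_spoofed(SAMPLE):
        print("suspicious:", rec)
```

MAC normalisation matters here because capture tools print addresses with or without leading zeros, and a plain string comparison would miss the match.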