Re: Will A Firewall Do Me Any Good
From: Bruno Wolff III (bruno_at_cerberus.csd.uwm.edu)
Date: 12/15/04
- Next message: Anne & Lynn Wheeler: "Re: browser without "padlock" secure?"
- Previous message: Bruno Wolff III: "Re: DNS server behind a firewall"
- In reply to: Buck Turgidson: "Will A Firewall Do Me Any Good"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 15 Dec 2004 20:53:20 GMT
In article <5BMvd.33135$Jk5.3853@lakeread01>, Buck Turgidson wrote:
> I have a Linksys cable router. Behind it I have a Linux and a Windows
> machine. Is there any point in putting up a firewall on Linux if only port
> 22 is open on the router?
Do you trust the router?
> Specifically, I want to prevent spoof attacks, but it doesn't seem like
> Linux, being behind the firewall, not the firewall itself, would be able to
> know if the local address was coming from outside or inside.
That depends. If the attacks aren't compromising the router, you might be able
to filter based on mac address and detect spoofed packets coming from the
router that way. This will work if the "router" behaves like a "switch" for
your local network. If the router is compromised, then things become a lot
more difficult.
> Is my understanding correct? Any way to guard against spoofing with a cable
> router?
If you really don't trust the router, another option is to put to nics in
your linux box and have the router connected to one and a switch (used for
your local network) to the other and use the linux box as a firewall.
- Next message: Anne & Lynn Wheeler: "Re: browser without "padlock" secure?"
- Previous message: Bruno Wolff III: "Re: DNS server behind a firewall"
- In reply to: Buck Turgidson: "Will A Firewall Do Me Any Good"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
