michael.holstein at csuohio.edu
Wed Feb 9 22:16:47 GMT 2005
> I don't see how you can filter packets with spoofed *source* addresses
> that are generated outside your network unless the addresses are your
The trick when doing IPS spoofing is to send packets through the device
that have a SOURCE on your network -- because the objective is to make
the IPS think an attack is coming from something important and then
block it (thus creating a DoS against that device).
Simple packet filters can't do this (well they could, but one wouldn't
want reflexive ACLs on your Internet router) but firewalls can do it.
IPS is just one more piece of "defense in depth". Despite whatever the
salesperson tells you, installing 1, 10 or 100 of their ultra-whiz-bang
appliances won't prevent 100% of the attacks.
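The distinction drawn above (a packet arriving from the Internet with a source address that belongs to your own network is by definition spoofed, and an IPS that auto-blocks "attackers" should never be tricked into blocking one of your own hosts) written out as an added example. This is not code from the original message or from any product; the topology (an inside network of 192.0.2.0/24 behind an "inside" interface, everything else on "outside") and the sample packets are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed example topology (assumption, not from the post): the protected
# network is 192.0.2.0/24 behind interface "inside"; the Internet side is
# interface "outside".
INTERNAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]

# Ranges that can never legitimately arrive as a SOURCE on the outside
# interface (RFC 1918 private space, loopback, link-local, "this" network).
BOGON_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8",
)]


@dataclass(frozen=True)
class Packet:
    ingress_if: str   # interface the packet was received on
    src: str          # claimed source address
    dst: str          # destination address


def is_internal(addr: ipaddress.IPv4Address) -> bool:
    return any(addr in net for net in INTERNAL_NETS)


def antispoof_verdict(pkt: Packet) -> str:
    """Return "drop" or "accept" for one packet.

    Ingress rule (BCP 38 style): anything arriving on the outside interface
    with an internal or bogon source is spoofed and is dropped.
    Egress rule: anything leaving from the inside must carry an internal
    source, otherwise one of our own hosts is spoofing someone else.
    A plain stateless ACL can express these two rules; it is the
    interface-awareness that matters, not connection state.
    """
    src = ipaddress.ip_address(pkt.src)
    if pkt.ingress_if == "outside":
        if is_internal(src) or any(src in net for net in BOGON_NETS):
            return "drop"
        return "accept"
    if pkt.ingress_if == "inside":
        return "accept" if is_internal(src) else "drop"
    return "drop"  # unknown interface: fail closed


def should_autoblock(offending_src: str) -> bool:
    """IPS-side guard: never let an automatic block list contain one of our
    own addresses, so a spoofed 'attack' cannot turn the IPS into a DoS
    against an important internal device (the scenario the post describes).
    """
    return not is_internal(ipaddress.ip_address(offending_src))


# Constructed sample traffic: (packet, what a correct filter should decide)
SAMPLE_PACKETS = [
    Packet("outside", "192.0.2.10", "192.0.2.20"),    # spoofed internal src
    Packet("outside", "10.1.2.3", "192.0.2.20"),      # bogon src from Internet
    Packet("outside", "203.0.113.5", "192.0.2.20"),   # ordinary inbound
    Packet("inside", "192.0.2.10", "203.0.113.5"),    # ordinary outbound
    Packet("inside", "198.51.100.7", "203.0.113.5"),  # our host spoofing
]


def filter_all(packets=SAMPLE_PACKETS) -> dict:
    """Apply the anti-spoof rules and count verdicts."""
    counts = {"drop": 0, "accept": 0}
    for pkt in packets:
        counts[antispoof_verdict(pkt)] += 1
    return counts


if __name__ == "__main__":
    for pkt in SAMPLE_PACKETS:
        print(f"{pkt.ingress_if:7} {pkt.src:>14} -> {pkt.dst:<14} {antispoof_verdict(pkt)}")
    print(filter_all())
    print("autoblock 192.0.2.10 ?", should_autoblock("192.0.2.10"))
```

The two halves map onto the two devices in the discussion: `antispoof_verdict` is the filter a border firewall (or an interface-aware ACL) applies before the IPS ever sees the packet, and `should_autoblock` is the sanity check an IPS needs on its own block list so that a spoofed source can at worst be dropped, never turned into a self-inflicted outage.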