September 2000
352 pages
One of the components of a DMZ (see Figure 10-4 for a contextual diagram) may be a router with packet filters defined in the configuration file. These filters can be configured to defeat IP spoofing attacks, and they can limit external access to specific network servers.
The router indicated in this illustration is configured with packet filters on its interfaces. The interface connected to the untrusted network passes only packets destined for the web, mail, DNS, and telnet servers. This blocks all direct attacks on the router itself, the bastion host, or devices on the private network, to the left of the bastion host.
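The filter logic described above can be modelled in a few lines. This is an added example, not configuration from the book: the addresses, the server-to-port mapping, and the names `PERMITTED`, `INSIDE_NETS` and `filter_inbound` are assumptions made for illustration, using documentation address ranges.

```python
import ipaddress

# Constructed addressing, not from the book: DMZ servers sit in 192.0.2.0/24
# and the private network behind the bastion host is 10.0.0.0/8.
INSIDE_NETS = [ipaddress.ip_network("192.0.2.0/24"),
               ipaddress.ip_network("10.0.0.0/8")]

# Only these (protocol, destination, port) tuples are passed from outside.
PERMITTED = {
    ("tcp", "192.0.2.10", 80),  # web server
    ("tcp", "192.0.2.20", 25),  # mail server
    ("udp", "192.0.2.30", 53),  # DNS server
    ("tcp", "192.0.2.40", 23),  # telnet server
}

def filter_inbound(proto, src, dst, dport):
    """Decide the fate of a packet arriving on the untrusted interface."""
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    # Anti-spoofing: a packet that claims an inside source address cannot
    # legitimately arrive on the outside interface, so drop it first.
    if src_ip.is_loopback or any(src_ip in net for net in INSIDE_NETS):
        return "deny-spoofed"
    # Pass only traffic destined for the published servers.
    if (proto, str(dst_ip), dport) in PERMITTED:
        return "permit"
    # Everything else is dropped, including packets addressed to the router
    # itself, the bastion host, or private hosts.
    return "deny"

def evaluate(packets):
    """Apply the filter to a list of (proto, src, dst, dport) tuples."""
    return [filter_inbound(*p) for p in packets]

# Constructed sample traffic seen on the untrusted interface.
SAMPLE = [
    ("tcp", "203.0.113.7", "192.0.2.10", 80),  # outside client to web server
    ("tcp", "203.0.113.7", "192.0.2.1", 23),   # telnet aimed at the router
    ("tcp", "10.1.2.3", "192.0.2.10", 80),     # outside packet, inside source
    ("udp", "203.0.113.9", "192.0.2.30", 53),  # DNS query
    ("tcp", "203.0.113.9", "10.0.0.5", 22),    # direct attempt at private host
]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE, evaluate(SAMPLE)):
        print(verdict, pkt)
```

The spoofing check runs before the permit list, so a forged inside source address is dropped even when the destination is a published server.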
IP spoofing occurs when the source IP address of a ...