Re: User and Ports: For a firewall solution

Alan Cox (alan@lxorguk.ukuu.org.uk)
Mon, 20 Apr 1998 15:54:29 +0100 (BST)


> policies for that host will be set up on a time-to-time basis. Since
> the policies are based on the user, the server needs to know the originating
> user for the packets to be filtered. One way is to query back and cache, but
> it is not an efficient solution. Another way is to restrict the user to
> some range of source ports, and the firewall control server can be informed
> of the ports at the time of authentication (this authentication information
> exchange is done by a local application module), so that the firewall can map
> host+port to the user and apply the appropriate policies.

This seems very crude. Supposing I simply stick my laptop on the LAN and
use ports allocated to another user?

There is no security in port information unless you are doing filtering
and verification at the boundary points too. In that case the boundary
points can generate IP-AH frames with MD5 signatures based on authentication
data provided.

Alan

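The contrast Alan draws, as an added illustration (not code from the thread): a gateway that attributes packets to users by source-port range versus one that only attributes a packet when an AH-style keyed-MD5 tag over the packet's immutable fields verifies under a key issued at authentication. User names, keys, port ranges and packet fields are constructed sample data, and HMAC-MD5 stands in for the keyed-MD5 construction of that era.

```python
import hmac
import hashlib

# Constructed: per-user keys issued by the authentication exchange.
USER_KEYS = {"alice": b"alice-session-key-0001", "bob": b"bob-session-key-0002"}
# Constructed: the port-range-per-user mapping from the quoted proposal.
USER_PORT_RANGES = {"alice": (40000, 40999), "bob": (41000, 41999)}


def immutable_fields(pkt):
    """Serialise the fields an AH-style tag covers (constructed layout)."""
    return b"|".join([
        pkt["src"].encode(), pkt["dst"].encode(), str(pkt["proto"]).encode(),
        str(pkt["sport"]).encode(), str(pkt["dport"]).encode(), pkt["payload"],
    ])


def ah_tag(pkt, key):
    """Keyed-MD5 tag computed by a boundary point that holds the user's key."""
    return hmac.new(key, immutable_fields(pkt), hashlib.md5).digest()


def user_by_port(pkt):
    """Port-mapping scheme: whoever uses the port range is taken to be the user."""
    for user, (lo, hi) in USER_PORT_RANGES.items():
        if lo <= pkt["sport"] <= hi:
            return user
    return None


def user_by_tag(pkt, tag):
    """Boundary-point scheme: attribute only if the tag verifies under a user key."""
    for user, key in USER_KEYS.items():
        if hmac.compare_digest(ah_tag(pkt, key), tag):
            return user
    return None


def demo():
    legit = {"src": "10.0.0.5", "dst": "10.0.1.9", "proto": 6,
             "sport": 40010, "dport": 80, "payload": b"GET /"}
    tag = ah_tag(legit, USER_KEYS["alice"])
    # A second host on the LAN picks a port in alice's range but holds no key for alice.
    other_host = dict(legit, src="10.0.0.77")
    other_tag = ah_tag(other_host, b"unknown-laptop-key")
    # Port mapping attributes both packets to alice; the keyed tag only accepts the first.
    return (user_by_port(legit), user_by_tag(legit, tag),
            user_by_port(other_host), user_by_tag(other_host, other_tag))
```

A tag is bound to the covered fields, so a tag copied from a genuine packet does not verify once the source address changes; guarding against replay of an unmodified packet needs the sequence-number machinery of a full AH implementation, which this sketch omits.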