On Mon, 25 May 2020 08:25:22 +0100
Andy Burns wrote:
> Ahem A Rivet's Shot wrote:
>
> > The Natural Philosopher wrote:
> >
> >> yes BUT your way involves spoofing internal source addresses on an
> >> external interface.
> >> In short a compromised ISP
> >
> > Network security should be based on the assumption that everything
> > you don't control is potentially hostile.
>
> So drop all spoofed packets arriving at the external interface.
Yep that's one of the very early clauses in any decent firewall.
--
Steve O'Hara-Smith | Directable Mirror Arrays
C:\>WIN | A better way to focus the sun
The computer obeys and wins. | licences available see
You lose and Bill collects. | http://www.sohara.org/
--- SoupGate-Win32 v1.05
* Origin: Agency HUB, Dunedin - New Zealand | FidoUsenet Gateway (3:770/3)
|