Re: Re: Can the SPF technique be used to stop IPaddress spoofi

The analogy seems fine to me.

On Tue, 2004-11-23 at 12:54 +0100, Alex van den Bogaerdt wrote:

If you want to route _my_ email _to_ _you_ on _your_ internal network,
there is no need to alter anything.  SPF should be checked on the border
and on the border alone.


If you want to route my packets to yourself on your internal network,
there is no need to alter anything. MAC address checking should be
checked on the border and on the border alone.

If you want to send _your_ email _to_ _another_ mailbox you are _not_
allowed to use _my_ name.


If you want to send _your_ packet to another host, you are _not_ allowed
to use _my_ IP address.

_If_ your analogy would be correct, you would be trying (and failing)
to setup a connection _with_someone_else_ using _my_ ip addresses.


You are trying (and failing) to set up a connection with someone else
(someone else's router) using _my_ IP address.

You didn't address the IPsec part of the analogy, btw.

-- 
dwmw2

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:

Re: Sendmail white paper, David Woodhouse

Next by Date:

RE: Sendmail white paper, Mark

Previous by Thread:

Re: Re: Can the SPF technique be used to stop IPaddress spoofi, Alex van den Bogaerdt

Next by Thread:

RE: Can the SPF technique be used to stop IP address sp, Stefan Engelbert

Indexes:

[Date] [Thread] [Top] [All Lists]