brad at stop.mail-abuse.org
Thu Jun 9 23:24:14 PDT 2005
At 8:10 AM +0200 2005-06-10, Heiko Gerstung wrote:
> Sorry that I miss the point, but if auth is related to the IP address, why
> do we need to find the physical interface for an association? The IP
> address of the sender and the receiver should be available in every packet
> we receive, no matter over which interface we receive it, right?
My understanding is that this is not true by the time the IP
stack has done it's job of unwrapping the package. You'll have the
source IP but not the target IP, so you won't know the interface,
which means that you can't guarantee that the response will go out
the same interface and from the same target (now source) IP.
You have to back-track to figure how to fill in the missing bits.
Brad Knowles, <brad at stop.mail-abuse.org>
"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755
SAGE member since 1995. See <http://www.sage.org/> for more info.
More information about the hackers