Re: [fw-wiz] Trust an IP? (IPTables)

From: Paul Robertson (proberts_at_patriot.net)
Date: 05/01/03

  • Next message: Meindert Uitman: "[fw-wiz] cisco crypto dynamic map problem?"
    To: David Lang <dlang@diginsite.com>
    Date: Thu, 1 May 2003 10:51:17 -0400 (EDT)
    

    On Thu, 1 May 2003, David Lang wrote:

    > the fundamental problem with the r* tools wasn't trusting an IP address,
    > it was trusting a 'root' source port.

    Actually, there's a good argument to be made that the issue was trusting a
    host well enough to allow login without additional credentials. Coupled
    with the fact that such trust is extended by addign a simple text file to
    a user's home directory, and things get ugly pretty quickly.

    Paul
    -----------------------------------------------------------------------------
    Paul D. Robertson "My statements in this message are personal opinions
    proberts@patriot.net which may have no basis whatsoever in fact."
    probertson@trusecure.com Director of Risk Assessment TruSecure Corporation

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


  • Next message: Meindert Uitman: "[fw-wiz] cisco crypto dynamic map problem?"

    Relevant Pages