Re: Theory Question

From: John Howie (JHowie@msn.com)
Date: 04/08/01

• Next message: Jacques A. Vidrine: "Re: Theory Question"
• Previous message: Jacques A. Vidrine: "Re: Theory Question"
• In reply to: Jacques A. Vidrine: "Re: Theory Question"
• Next in thread: Jacques A. Vidrine: "Re: Theory Question"
• Reply: Jacques A. Vidrine: "Re: Theory Question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: "John Howie" <JHowie@msn.com>
To: "Jacques A. Vidrine" <n@nectar.com>
Date: Sat, 7 Apr 2001 15:48:53 -0700

----- Original Message -----
From: "Jacques A. Vidrine" <n@nectar.com>
To: "John Howie" <JHowie@msn.com>
Cc: "Crist Clark" <crist.clark@globalstar.com>; <lee@kechara.net>;
<freebsd-security@FreeBSD.ORG>
Sent: Saturday, April 07, 2001 3:39 PM
Subject: Re: Theory Question

> On Sat, Apr 07, 2001 at 02:53:11PM -0700, John Howie wrote:
> > In practice a machine with no IP address that just receives packets is
not
> > likely to be vulnerable. Crist's scenario is not a probable one (as he,
> > himself, acknowledges).
>
> Such exploits have been seen in the past, e.g. the tcpdump buffer
> overrun. I guess the assumption is that your opponent is more
> sophisticated than a script kiddie, and wants something in your
> network.
>

Agreed! And the hacker would also need to have intimate knowledge of your
network configuration to be able to supply the correct parameters to
ifconfig in the scenario that Crist outlined. One item that was missing from
the original design was an exterior DMZ firewall (or perhaps I just missed
that component) running NAT. Key to securing the infrastructure is making it
as difficult as possible for a hacker to determine DMZ and production
network topologies and machine addresses.

Regards,

john...

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

---

• Next message: Jacques A. Vidrine: "Re: Theory Question"
• Previous message: Jacques A. Vidrine: "Re: Theory Question"
• In reply to: Jacques A. Vidrine: "Re: Theory Question"
• Next in thread: Jacques A. Vidrine: "Re: Theory Question"
• Reply: Jacques A. Vidrine: "Re: Theory Question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: ISA 2004 FWC + Single Nic Template ISA2004 ... There are numerous reasons this scenario isn't supported - the largest of which are "not designed or tested to operate this way". ... modify the "Internal" network set to only include the IP's that are actually ... ISA box. ... Firewall Client = Winsock Client - Single NIC ISA = No Winsock Support. ... (microsoft.public.isa.clients) Re: Problems with SQLEXEC ... This may suggest that the network at client end is problematic. ... but nothing is known for sure, so can't even suggest changing config worth thousands of dollars ... that is not how the real scenario is supposed to be. ... I don't know what laws apply to your country ... (microsoft.public.fox.programmer.exchange) Re: OT: unathorized network user. ... network w/ instructions on how to print to it. ... I connect via your wireless AP and use it to send out spam. ... The police come knocking at your door. ... (Fedora) Re: Use RAM for NTFS security permission changes ... So what happens, in your happy scenario, if: ... A file changes, is deleted, or moved during the process? ... A stack overflow allows a hacker to access or expose memory contents? ... (microsoft.public.windows.vista.security) Re: OT: unathorized network user. ... doing I don't know what on my network. ... I connect via your wireless AP and download child porn. ... The police come knocking at your door. ... (Fedora)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(17)