Re: [Full-Disclosure] Empirical data surrounding guards and firewalls.
From: James Tucker (jftucker_at_gmail.com)
To: "firstname.lastname@example.org" <email@example.com> Date: Thu, 2 Sep 2004 23:15:04 +0100
Apologies, please explain the lack of differences, I'm not getting them.
"The door" - Port 80 - Closed after connection attempt. You come back,
it does the same, and then closes again. 404 Error not being
dissimilar to being told to get out.
Cops show up - As with the firewall, it does not actively stop you
from reconnecting. McDonalds staff did not prevent you from
re-entering the premesis themselves.
Measures in Both:
In the event of reconnection attempts the firewall logs would indicate
an attack and external policing would have to deal with the problem.
As far as I can see it the only difference is scaling, you can make
many many millions of requests before a flood warning appears, whereas
you only need to refuse to leave a few times before the police are
called. I guess humans have less patience than computers.
Of course I could be missing something?
Oh yeah, I did miss something, you can't "disconnect" someone from
being present in the building, as you can with a socket on a server.
But with reconnection scaling, is that really relevant? A little,
moreso in some circumstances, but not in this one.
Why complain about anologies when your response contains anaolgies
such as this one.
Did you really go into McDonalds and harrass the staff today and get
taken away by the police? Please say yes, that would make my day. ROFL
On Thu, 2 Sep 2004 14:45:56 -0500 (CDT), firstname.lastname@example.org
> -McDonald's guard
> -(1) Evol
> -(1) Shoes
> -(1) Shirt
> -(1) Computer
> -(1) Internet connection
> -(1) Firewalled host
> For each target, undergo the following steps:
> 1.) Enumerate an acceptable entrance policy.
> 2.) Attempt to enter while following entrance policy.
> The firewall at internet host www.mcdonalds.com accepts
> connections to TCP/IP port 80. Rules are similar to 'DENY
> ALL EXCEPT TCP PORT 80' So make connection to port 80 and
> note results.
> Normal transaction was accepted. See results:
> HTTP/1.1 400 Bad request
> Server: Netscape-Enterprise/4.1
> Date: Thu, 02 Sep 2004 XX:XX:XX GMT
> Content-length: 147
> Content-type: text/html
> Connection: close
> The store at the location closest to me was chosen as a
> specific target. The entrance policy is:
> 'IF (NOT SHOES) OR (NOT SHIRT) DENY'
> So, evol enters store with only shoes and a shirt.
> Evol was rejected conduction of normal buisness. No
> Big Mac today, get out! Then, when Evol tries to
> proceed anyway, cops take Evol out of McDonalds.
> People and firewalls are different.
Full-Disclosure - We believe in it.