RE: Secure desktop idea?

From: mstevenson@quickhire.com
Message-ID: <1190DE9E1A0FD511AB8E000102CCFE84051DB9@mail.nethot.com.pr>
To: john.oliver@hosting.com, security-basics@securityfocus.org
Subject: RE: Secure desktop idea?
Date: Thu, 1 Nov 2001 11:04:43 -0500 

Well, without having a default route to get information like: "Where do I
send packet X?", where are you going to get your routing tables from? You
HAVE to have some kind of default resource to determine where you are going
to route packets to.

Miles Stevenson
QuickHire Network Support Specialist

-----Original Message-----
From: John Oliver [mailto:john.oliver@hosting.com]
Sent: Tuesday, October 30, 2001 3:22 PM
To: security-basics@securityfocus.org
Subject: Secure desktop idea?

A thought just occurred to me... desktop systems (and even some servers)
could be almost completely secure if there was a way to dynamically
allocate and de-allocate routes. If your system has no default route,
it ought to be safe from any TCP-based attack. If routes to remote
networks could be dynamically added as needed, and then removed, it
seems that it would be virtually impossible for an outsider to even see
that the host exists, let alone be able to root it.

Ideas? Am I just way off the deep end here? :-)

-- 
John Oliver
System Administrator
hosting.com, an Allegiance Telecom company
mailto:john.oliver@hosting.com
(858) 637-3600
http://www.hosting.com/
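
Added example, not part of the original thread: a small Python model of the route lookup both posts discuss, showing which peers a host with no default route can answer and what a temporarily added route covers. The `RouteTable` and `can_reply` names and all addresses (RFC 1918 and RFC 5737 documentation ranges) are constructed for illustration.

```python
import ipaddress


class RouteTable:
    """Minimal IPv4 routing table with longest-prefix-match lookup."""

    def __init__(self):
        self.routes = {}  # ip_network -> next hop ("on-link" or a gateway)

    def add(self, prefix, via):
        self.routes[ipaddress.ip_network(prefix)] = via

    def delete(self, prefix):
        self.routes.pop(ipaddress.ip_network(prefix), None)

    def lookup(self, dst):
        """Return (prefix, next_hop) for dst, or None if no route matches."""
        addr = ipaddress.ip_address(dst)
        matches = [net for net in self.routes if addr in net]
        if not matches:
            return None  # the stack would report "network unreachable"
        best = max(matches, key=lambda net: net.prefixlen)
        return best, self.routes[best]


def can_reply(table, peer):
    """A TCP handshake completes only if the SYN-ACK can be routed to peer."""
    return table.lookup(peer) is not None


def build_desktop():
    """Desktop with only its connected LAN route and no default route."""
    table = RouteTable()
    table.add("192.168.1.0/24", "on-link")
    return table


if __name__ == "__main__":
    t = build_desktop()
    peers = ("192.168.1.77", "203.0.113.9", "203.0.113.200", "198.51.100.20")
    print("no default route:")
    for p in peers:
        print(f"  {p:15} reply possible: {can_reply(t, p)}")
    # Route added on demand to reach one server in 203.0.113.0/24.
    t.add("203.0.113.0/24", "192.168.1.1")
    print("while the on-demand route is installed:")
    for p in peers:
        print(f"  {p:15} reply possible: {can_reply(t, p)}")
    t.delete("203.0.113.0/24")
```

Hosts on the connected LAN can complete a handshake regardless of the default route, and while the on-demand route exists every address in that prefix can, not only the intended server.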


