Re: How to get through iptables/NAT, reality and risk calculation

From: TheOg (theog@theog.org)
Date: 04/25/02


Date: Thu, 25 Apr 2002 10:53:44 +0200 (Jerusalem Standard Time)
From: TheOg <theog@theog.org>
To: Ferry van Steen <ferry.van.steen@InfoPart.nl>

First of all here : http://www.kb.cert.org/vuls/id/24140
Every system indeed has a chance of being hacked sometime , Firewalls
advance as well as hack tools , you should always keep up with the current
events :-) the never ending story... This way you can keep a level of
security that will be sufficiant to stop most attacks (implementing the
required updates of course.).

_|_ |__ ___ __ __
 |_, | ) (__/_ (__) (__|
                      __/

On Tue, 23 Apr 2002, Ferry van Steen wrote:

> Hey there,
>
> first of all, please don't get me wrong. I don't want to know how to crack a
> firewall, I just don't wanna think I'm secure whilst I'm not.
>
> The case is this, at several locations I've set up a linux box for the
> internet traffic. These boxes are configured in such a way that they don't
> have any open ports (or atleast, not on the internet side). This is
> accomplished by simply allowing all traffic from the local LAN but only
> accepting traffic from the internet part of an existing connection (with the
> iptables -m state --state ESTABLISHED,RELATED).
>
> Now, to me, as starting security engineer (security-guru-wannabe or whatever
> the phrase is), this looks uncrackable to me (unless people download and
> install trojans that connect to IRC n stuff, which is allowed (atleast,
> according to traffic rules :-))). What should I be aware of? Could people
> for instance get data into the network by hiking along on a connection
> somebody set up with a webserver (or any other service for that matter)? The
> people on these locations are allowed to do whatever they want, they can
> IRC, MSN, ICQ, HTTP, HTTPS, etc... Would it be possible that the linux box
> gets hacked due to a TCP/IP stack bug? I'm just sucking things out of my
> thumb here so I hope they make sense. Every knowledgeable security engineer
> I ever spoke say nothing is uncrackable, so I'm just trying to figure out
> the ways they still can get it so I can do things to prevent those and/or
> atleast analyse the risk and have a knowledge of the possibilities so I
> won't be utterly suprised somewhere in the future without a clue as to where
> to look and how to trace it back.
>
> I'm really sorry if this has been discussed before... The site is really
> slow at the moment. In any case all info is welcomed (URLs, books,
> references, user stories, experiences... whatever).
>
> Btw.. I'm subscribed to the list on another email addy than this one. I am
> subscribed tho'. Replying to either this email (ferry.van.steen@infopart.nl)
> or the list would be fine.
>
> Kind regards and TIA,
>
> Ferry van Steen
>



Relevant Pages