RE: How to get through iptables/NAT, reality and risk calculation

From: Seth McNish (smcnish@speakeasy.net)
Date: 04/25/02


From: Seth McNish <smcnish@speakeasy.net>
To: ferry.van.steen@infopart.nl
Date: Thu, 25 Apr 2002 11:49:58 -0700


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

There are all sorts of fun things that you can do to a box although it may
_seem_ secure. Really, firewalls are great and all but they're not the "see
all and end all" for network and system security.

I would suggest picking up a book, of which there are many that explain more
in depth how the OS deals with network traffic and how some of the more
commonly exploited services get manipulated into leaking information. I
would suggest one of the many books on Intrusion Detection Systems along with
something like "Hacking Exposed" or "Maximum Security". Any of these will
give you better insight.

Good luck!

- -Seth McNish
 smcnish@speakeasy.net

On Wednesday 24 April 2002 11:55, you wrote:
> I would check out http://www.monkey.org/~dugsong/fragroute/, there has
> been a lot of talk lately about fragroute bypassing snort detection.
> But it could be used against stateful firewalls as well.
>
> -Jason
>
> > -----Original Message-----
> > From: Ferry van Steen <ferry.van.steen@InfoPart.nl>
> > To: security-basics@securityfocus.com <security-basics@securityfocus.com>
> > Sent: 23/04/2002 11:19
> > Subject: How to get through iptables/NAT, reality and risk calculation
> >
> >
> > Hey there,
> >
> > first of all, please don't get me wrong. I don't want to know how to
> > crack a firewall, I just don't wanna think I'm secure whilst I'm not.
> >
> > The case is this, at several locations I've set up a linux box for the
> > internet traffic. These boxes are configured in such a way that they
> > don't have any open ports (or at least, not on the internet side). This is
> > accomplished by simply allowing all traffic from the local LAN but only
> > accepting traffic from the internet part of an existing connection (with
> > the iptables -m state --state ESTABLISHED,RELATED).
> >
> > Now, to me, as starting security engineer (security-guru-wannabe or
> > whatever the phrase is), this looks uncrackable to me (unless people
> > download and install trojans that connect to IRC n stuff, which is
> > allowed (at least, according to traffic rules :-))). What should I be
> > aware of? Could people for instance get data into the network by hiking
> > along on a connection somebody set up with a webserver (or any other
> > service for that matter)? The people on these locations are allowed to do
> > whatever they want, they can IRC, MSN, ICQ, HTTP, HTTPS, etc... Would it
> > be possible that the linux box gets hacked due to a TCP/IP stack bug? I'm
> > just sucking things out of my thumb here so I hope they make sense. Every
> > knowledgeable security engineer I ever spoke to says nothing is uncrackable,
> > so I'm just trying to figure out the ways they still can get it so I can
> > do things to prevent those and/or at least analyse the risk and have a
> > knowledge of the possibilities so I won't be utterly surprised somewhere
> > in the future without a clue as to where to look and how to trace it
> > back.
> >
> > I'm really sorry if this has been discussed before... The site is really
> > slow at the moment. In any case all info is welcomed (URLs, books,
> > references, user stories, experiences... whatever).
> >
> > Btw.. I'm subscribed to the list on another email addy than this one. I
> > am subscribed tho'. Replying to either this email
> > (ferry.van.steen@infopart.nl) or the list would be fine.
> >
> > Kind regards and TIA,
> >
> > Ferry van Steen

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8yE/b6c8IZrN8kUERAgeBAJwKdnun/6GPd+pnQ8xR8G9pbipYYgCfenvU
kDAqAcQ08qsffgYn1hb08Xs=
=exTM
-----END PGP SIGNATURE-----
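
The gateway policy described in the original question (trust the LAN, accept from the internet only ESTABLISHED,RELATED traffic, NAT the LAN out), written out as an added example; it is not code from the thread. The interface names eth0/eth1, the MASQUERADE rule and the rate-limited LOG rules are assumptions added here, the last so that dropped packets leave a trail to trace back.

```shell
#!/bin/sh
# Added example, not from the original posts. Interface names are assumptions.
WAN_IF="${WAN_IF:-eth0}"   # internet-facing interface (assumed name)
LAN_IF="${LAN_IF:-eth1}"   # local LAN interface (assumed name)
IPT="${IPT:-iptables}"     # set IPT="echo iptables" for a dry run that prints the rules

apply_rules() {
    # Default-deny for traffic to the box and through it; the box itself may talk out.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    # Loopback and everything arriving from the LAN side is accepted, as in the post.
    # This is where the policy places its trust: anything a LAN host initiates
    # (including unwanted software dialling out) creates state that lets replies back in.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -i "$LAN_IF" -j ACCEPT
    $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -j ACCEPT

    # From the internet, only packets that belong to an existing connection.
    $IPT -A INPUT -i "$WAN_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT

    # NAT for the LAN behind the box.
    $IPT -t nat -A POSTROUTING -o "$WAN_IF" -j MASQUERADE

    # Log what falls through to the DROP policy, rate-limited so the log stays readable.
    $IPT -A INPUT -i "$WAN_IF" -m limit --limit 5/min -j LOG --log-prefix "wan-in-drop: "
    $IPT -A FORWARD -i "$WAN_IF" -m limit --limit 5/min -j LOG --log-prefix "wan-fwd-drop: "
}

# Load the rules only when asked to explicitly (needs root).
if [ "${1:-}" = "--apply" ]; then apply_rules; fi
```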


