Re: not listening

Walter Roberson wrote:

Although those are good points, they don't address the other 200-ish
IP protocols that do not have ports.

Huh, wonderful. I guess you usually just speak 3 of them.

PPPoE on a DSL line: uses GRE (IP Protocol 47) to encapsulate
all user traffic.

Yes, pretty common, but not relevant in that context.

ESP (IP protocol 50): used by my IPSec connection to work to encrypt
and encapsulate payloads

AH (IP protocol 51): used by my IPSec connection to work to provide
authentication services

Rarely used on a home computer. Anyway, why don't you use IPv6?

ICMP (IP protocol 1): numerous uses

This is one the the usual 3.

And of course my systems use ARP as well.

ARP is a helper protocol to IP with some stupid pseudo-encapsulation.

We were not given ANY information about the kind of computer or the
operating system version or what patches have been applied.

OK, here's one reasonable assumption: Without patches and a non-fucked
up operating system, you're busted anyway. Hope in another keeping off
the exploits is pretty unreliable.

Are fragmentation attacks still a problem in 2006? Yes: May 9, 2006,
Cisco advised of a firewall security bypass based upon fragmentation.
It isn't a DoS attack and doesn't kill the firewall, but if fragmentation
approaches are still presenting problems to mature products, you can
be pretty sure that IP-level fragmentation attacks are still a
security risk that need to be actively considered.

And the worse, most so-called personal firewalls are easily circumvent
by fragmentation, some are even DoSed.
Beside that, no modern up-to-date system currently has such a problem
and is actually pretty resistent.
.

Quantcast