Re: IP GAPPING - Tricky one

From: x y (jamescagney90210@excite.com)
Date: 06/28/02


From: "x y" <jamescagney90210@excite.com>
Date: Fri, 28 Jun 2002 17:41:33 -0400


Actually I think it's a bad thing that these people are touting the benefits
of stealthing. There is some disagreement about whether stealthing an IP
address is a good thing. For example, if you open up an inbound port such
as TCP 80 for a web server, a hacker will know that you have a firewall at
that IP address and can attempt to use various scans to map out the network
behind the firewall. A non-response is thus just about as valuable a clue
to the hacker as a RST reset / port closed would be. Also, a number of
firewalls out there including ZoneAlarm and BlackICE claim to be
stealthing, but if a hacker scans the firewall, the firewall turns around
and sends out a request to the hacker's network trying to get the NetBIOS
name of the hacker's computer. Not a bad idea, but not very stealthy.

Someone selling a hardware firewall device should know this. Or possibly
they do know this but are just trying to sell their product.

"MSS" <MSS@eeyenetworks.com> wrote in message
news:138bf01c21ee5$62dc1610$19ef2ecf@tkmsftngxa01...
> I actually tested one of these devices. I tried doing a
> port scan, which came back with zero ports open. I also
> tried to ping the IP address which also came back as
> unreachable (simply means the device doesn't allow ICMP
> packets).
>
> The interesting part about this was that during the scan
> I was actually surfing the internet with the machine
> which was sitting behind this device.
>
> So I guess it's kind of like a stateful firewall
> (preconfigured).
>
>
>
> >-----Original Message-----
> >> Check out this page..
> >> http://alphashield.com/technology.asp
> >
> >This is funny. These are products that someone is trying to sell. The
> >"technology" that they're referring to has been available for years and
> >years. They just created and marketed a (seemingly lame) product that does
> >what other tools have done for years.
> >
> >> I know about Stealth port scanning, that is nothing new.
> >> but Stealth IP is.
> >
> >What they're calling "Stealth IP" is basically a proxy scheme that masks
> >the user's PC address with that of a server acting as a proxy. Any basic
> >firewall, application-layer gateway, or firewall performs this same
> >function. Nothing new, just a new cardboard box and brand name.
> >
> >> "IP Gap Technology ensures access to the connected
> >> computer system is disabled as it creates a virtual GAP
> >> (disconnection) following a pre-determined Internet idle
> >> interval. Access to your connected computer system is
> >> managed through a Seamless Intelligent Infrastructure to
> >> monitor inbound and outbound data. Without any delay,
> >> each packet of information is inspected and only allows
> >> access to authorized addresses. Once Gap is activated, it
> >> can provide 100% bullet-proof network security to the
> >> user"
> >>
> >> These guys call it "ALPHAGAP". But it is essentially the
> >> same technology.
> >
> >Right, see any personal firewall. Most of them do the same thing. This is
> >not new technology, just a new product.
> >
> >> I know a few people who know about this technology, but
> >> they are unwilling to share.
> >
> >They're full of ***. Sorry to have to be the one to tell you that. It is
> >not "new" to program an interface that sits between the IP stack and the
> >user interface, and monitors for idle time. Nor is it new to filter packets
> >based on source, destination, application, etc. Firewalls and proxies (both
> >personal and enterprise) have been doing this for a looong time.
> >
> >What you're looking at on this web page is a new product that someone is
> >trying to sell. It's not new, breakthrough technology. It's the same old
> >same ol' in a new package. Sure, it might combine some functionality where
> >others haven't, but they didn't come up with anything that someone hasn't
> >been doing for years.
> >
> >
> >.
> >
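
An added example, not part of the original thread: a toy Python model of a stateful packet filter, showing why an inside host can keep browsing while an outside scan sees nothing, and why silent drops next to one open port still show that a filter is present. The class and function names and the RFC 5737 addresses are constructed for illustration, and the model ignores ICMP.

```python
from dataclasses import dataclass, field

@dataclass
class StatefulFilter:
    """Toy stateful packet filter (constructed model, not any vendor's product)."""
    open_ports: set = field(default_factory=set)  # inbound ports forwarded to a server
    stealth: bool = True                          # True: drop silently; False: answer RST
    states: set = field(default_factory=set)      # flows opened from the inside

    def outbound(self, sport, dst, dport):
        # The inside host opens a connection; remember it so replies get back in.
        self.states.add((dst, dport, sport))

    def inbound(self, src, sport, dport, flags="SYN"):
        # Returns what the remote sender observes; None means silence.
        if (src, sport, dport) in self.states:
            return "DATA"                 # reply to a flow the inside host started
        if flags == "SYN" and dport in self.open_ports:
            return "SYN/ACK"              # deliberately published service
        return None if self.stealth else "RST"

def observe(fw, src, ports):
    """What an outside party sees when it sends a SYN to each port."""
    return {p: fw.inbound(src, 40000, p) for p in ports}

def infer(results):
    """What those observations reveal about the address."""
    seen = set(results.values())
    if seen == {None}:
        return "silent on every port"
    if None in seen:
        return "host is up and a filter is dropping probes"
    return "host is up, no filtering evident"

if __name__ == "__main__":
    ports = [22, 80, 139]
    scanner, website = "203.0.113.9", "198.51.100.7"   # constructed addresses

    fw = StatefulFilter()                 # the device MSS tested: nothing published
    fw.outbound(51000, website, 80)       # inside user is browsing
    print(observe(fw, scanner, ports), infer(observe(fw, scanner, ports)))
    print("reply from website:", fw.inbound(website, 80, 51000, flags="ACK"))

    for stealth in (True, False):         # TCP 80 published, drop vs. RST
        fw = StatefulFilter(open_ports={80}, stealth=stealth)
        print(stealth, observe(fw, scanner, ports), infer(observe(fw, scanner, ports)))
```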

