RE: Sliding/Shifting/Morphing firewalls

["Stout, Bill" <StoutB () pioneer-standard com>]

It should play hell with the network techs without a sniffer upgrade.  But
it should also play hell with sniffers on the Internet.

Note that Hobbits' http service (http://www.avian.org/) always connects you
with a different port number.  I'm not sure what magic he used there, but
it's always up, and give cool error messages.

Bill Stout


> ----- Original Message -----
> From: Safier, Adam (GEIS) [SMTP:Adam.Safier () geis ge com]
> Sent: Wednesday, February 10, 1999, 15:01:09
> To:   Stout, Bill; cbrenton
> Cc:   Firewall-wizards
> Subject:      RE: Sliding/Shifting/Morphing firewalls
>
> But what does it do for/to network support?
>
> Adam
>
> > -----Original Message-----
> > From:       cbrenton [SMTP:cbrenton () sover net]
> > Sent:       Wednesday, February 10, 1999 3:24 PM
> > To: Stout, Bill
> > Cc: Firewall-wizards
> > Subject:    Re: Sliding/Shifting/Morphing firewalls
> >
> > On Mon, 8 Feb 1999, Stout, Bill wrote:
> >
> > > What's the gurus opinions on firewalls which use randomly changing
port
> > > numbers for inbound/outbound traffic?
> >
> > I assume you mean using random upper port numbers for source ports 
> instead
> > of having the OS dish them out sequentially? If so it makes all forms of
> > attack that rely on source port spoofing that much more difficult to
> > implement.
> >
> > Chris
> > -- 
> > **************************************
> > cbrenton () sover net
> >
> > * Multiprotocol Network Design & Troubleshooting
> > http://www.amazon.com/exec/obidos/ASIN/0782120822/geekspeaknet
> > * Mastering Network Security
> > http://www.amazon.com/exec/obidos/ASIN/0782123430/geekspeaknet
> ----- End Of Original Message -----