Penetration Testing mailing list archives

Re: DENY x REJECT


From: niceshorts () yahoo com
Date: Wed, 10 Oct 2001 04:54:34 -0500

Ofir Arkin wrote:

Imagine there is no spoon.

    There is no spoon. It is your mind that bends. :)

What you can do is to test for firewall presence. This is a very simple
test that will give you the ability to understand what you are facing.
...
One nice added value for the auditor will be the ability to identify the
operating system the FW software will be installed on, given the fact
the firewall TCP/IP stack generates these lovely RSTs. Another thing
that the auditor might gain is the understanding that he is dealing with
several systems and not only with the one he is querying - looking at
the traces will result in identifying at least two systems which
communicate with his machine although he is targeting one.

    Yes. This is an issue all operators or auditors need to
    consider: On the one hand, we wish to limit reconnaissance
    activity. Let us not leak information like so many U.S.
    Congressmen. On the other hand, the security of a firewall
    ought not be dependent on the obscurity of its TCP/IP stack.

    I find no simple answer fits every scenario.

    I do urge, however, if one is attempting to "stealthen" a
    firewall, one will have to remember that TTL decrementation
    still takes place. The FreeBSD kernel IPFW implementation
    *used*[0] to have the option to not subtract from TTL. If one
    doesn't mind playing havoc with traceroute, this, too, may be
    an option.

    -anthony kim

    [0] I have not been following IPFW in 4.4 or 5.0-CURRENT so
    can't speak definitively.

-- 
HTTP request sent, awaiting response... 404 Object Not Found
ERROR 404: Object Not Found.
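
An added illustration, not part of the original post: one way an operator can check from captured replies whether a REJECT policy exposes a second TCP/IP stack, by grouping replies that share one source IP by their inferred initial TTL and hop count. The reply tuples, the function names and the list of common initial TTLs are assumptions made for this sketch.

```python
from collections import defaultdict

# Assumption: the sender started from one of these widely used initial TTLs.
COMMON_INITIAL_TTLS = (32, 64, 128, 255)

def infer_origin(observed_ttl):
    """Return (initial_ttl, hops), taking the smallest common initial TTL >= observed."""
    if not 1 <= observed_ttl <= 255:
        raise ValueError(f"TTL out of range: {observed_ttl}")
    initial = next(t for t in COMMON_INITIAL_TTLS if t >= observed_ttl)
    return initial, initial - observed_ttl

def group_responders(replies):
    """Group replies by inferred (initial_ttl, hops); each group is one apparent responder."""
    groups = defaultdict(list)
    for port, kind, ttl in replies:
        groups[infer_origin(ttl)].append((port, kind))
    return dict(groups)

def leaks_second_system(replies):
    """True when replies from a single source IP carry more than one TTL signature."""
    return len(group_responders(replies)) > 1

# Constructed sample: replies seen by the auditor, all bearing the same source IP.
# Each tuple is (destination port probed, reply type, TTL observed on arrival).
SAMPLE_REPLIES = [
    (80, "SYN/ACK", 115),   # answered by the server itself: 128 - 13 hops
    (443, "SYN/ACK", 115),
    (23, "RST", 53),        # rejected port: 64 - 11 hops, a different and closer stack
    (135, "RST", 53),
]

if __name__ == "__main__":
    for (initial, hops), items in sorted(group_responders(SAMPLE_REPLIES).items()):
        print(f"initial TTL {initial}, {hops} hops away: {items}")
    print("second system visible:", leaks_second_system(SAMPLE_REPLIES))
```

A rule set that silently drops instead of rejecting produces no RST group at all, which removes this signal but, as the reply notes, does not hide the hop that decrements TTL.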
