Security Basics mailing list archives
RE: Allowing scanning from home
From: Steven Trewick <STrewick () joplings co uk>
Date: Tue, 2 Nov 2004 11:26:24 -0000
> but spoofing an IP addy is a very trivial task

While I would agree that it is entirely trivial to create and send IP packets with arbitrary addresses, this is by no means the same thing as being able to leverage IP "spoofing" into a successful attack, particularly if TCP-based protocols are involved (UDP is more trivial, but only if no reply is required).

In any case, surely IP spoofing would not be an issue if all you are doing is running port scan tools against the network; it is only an issue if you are allowing inward connections from those particular IP addresses, and even then it falls under the above caveats, e.g. it is very non-trivial to mount a successful IP spoofing attack through a chain of routers, such as one might find between an employee's ISP and your own network border (unless you are running some horribly vulnerable UDP-based service at your network border, in which case you are already screwed anyway).

Or have I misunderstood something?
-----Original Message-----
From: xyberpix [mailto:xyberpix () xyberpix com]
Sent: 30 October 2004 22:07
To: Donald Voss
Cc: ericaldrc51 () netscape net; Security Basics[List]
Subject: Re: Allowing scanning from home

I would say that a thorough inspection of the host network that's going to be doing the scanning should be done. That's what we do at our place, in regard to employees and any itsec contractors that we have in. It may be an invasion of privacy, but spoofing an IP addy is a very trivial task, and social engineering can lead to a world of wealth.

Just my 2p's worth.

xyberpix

On Thu, 2004-10-28 at 21:33, Donald Voss wrote:

> Eric,
>
> I'm not the group .. but my $.02.
>
> Policy, policy, policy, as in your company's. Satisfy that .. or decide one needs to be written and approved. Then .. a get out of jail card .. written .. by supervisor on up if need be, with details - names, tools, - maybe a time period .. a report, etc.
>
> /don
>
> ericaldrc51 () netscape net wrote:
>
>> What's the group's consensus on allowing security staff to scan the company's external interfaces from their home, to get a true external assessment? I personally don't agree with this for audit and other reasons. Just looking for some other professional viewpoints. Thx.

--
For Security and Open Source news: http://xyberpix.demon.co.uk
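The distinction Steven draws above, between forging a source address and actually getting something out of it, is easiest to see by simulating the three cases he mentions: a TCP service that needs a completed handshake, a UDP service that acts on a datagram without replying, and a port scan whose whole purpose is to receive replies. The following is an added example, not code from the thread; all addresses, the tiny network model and the `isn_source` hook are constructed for illustration. It treats the path between attacker and target as opaque (no sniffing), which is the "chain of routers" situation; a blind spoofer must then guess the server's 32-bit initial sequence number to complete a TCP handshake, which only works when the ISN is predictable.

```python
import secrets
from dataclasses import dataclass


@dataclass
class Packet:
    src: str
    dst: str
    proto: str            # "tcp" or "udp"
    flags: str = ""       # "SYN", "SYN-ACK" or "ACK" for tcp
    seq: int = 0
    ack: int = 0
    payload: bytes = b""


class Network:
    """Delivers a packet to the host owning pkt.dst; no other host sees it
    (constructed model of a path the attacker cannot sniff)."""
    def __init__(self):
        self.hosts = {}

    def attach(self, host):
        self.hosts[host.addr] = host
        return host

    def send(self, pkt):
        host = self.hosts.get(pkt.dst)
        if host is not None:
            host.receive(pkt, self)


class Host:
    def __init__(self, addr):
        self.addr = addr
        self.inbox = []       # everything delivered to this address

    def receive(self, pkt, net):
        self.inbox.append(pkt)


class TcpServer(Host):
    """SYN -> SYN-ACK carrying an ISN; established only when the ACK
    acknowledges ISN+1. isn_source is a constructed hook so the example can
    contrast random and predictable ISNs (default: random 32-bit)."""
    def __init__(self, addr, isn_source=lambda: secrets.randbits(32)):
        super().__init__(addr)
        self.isn_source = isn_source
        self.pending = {}          # peer address -> ISN sent to it
        self.established = set()

    def receive(self, pkt, net):
        if pkt.proto != "tcp":
            return
        if pkt.flags == "SYN":
            isn = self.isn_source()
            self.pending[pkt.src] = isn
            net.send(Packet(self.addr, pkt.src, "tcp", "SYN-ACK",
                            seq=isn, ack=pkt.seq + 1))
        elif pkt.flags == "ACK" and pkt.src in self.pending:
            if pkt.ack == (self.pending[pkt.src] + 1) % 2**32:
                self.established.add(pkt.src)


class UdpNoReplyService(Host):
    """Acts on datagrams from trusted addresses and never answers, so the
    source address is the only authentication (the 'no reply required' case)."""
    def __init__(self, addr, trusted):
        super().__init__(addr)
        self.trusted = set(trusted)
        self.accepted = []

    def receive(self, pkt, net):
        if pkt.proto == "udp" and pkt.src in self.trusted:
            self.accepted.append(pkt.payload)


def honest_handshake(net, client, server):
    """Client uses its real address, sees the SYN-ACK, and ACKs ISN+1."""
    net.send(Packet(client.addr, server.addr, "tcp", "SYN", seq=100))
    synack = next(p for p in client.inbox
                  if p.flags == "SYN-ACK" and p.src == server.addr)
    net.send(Packet(client.addr, server.addr, "tcp", "ACK",
                    seq=101, ack=(synack.seq + 1) % 2**32))
    return client.addr in server.established


def blind_tcp_spoof(net, server, victim_addr, isn_guesses):
    """Forges victim_addr as source; the SYN-ACK (and ISN) goes to the victim,
    so the attacker can only guess the ISN for the final ACK. (The victim's
    own RST to the unexpected SYN-ACK is not modelled.)"""
    net.send(Packet(victim_addr, server.addr, "tcp", "SYN", seq=500))
    for guess in isn_guesses:
        net.send(Packet(victim_addr, server.addr, "tcp", "ACK",
                        seq=501, ack=(guess + 1) % 2**32))
        if victim_addr in server.established:
            return True
    return False


def syn_probe(net, scanner, target, source_addr):
    """One SYN probe; returns how many replies the scanning host itself saw."""
    before = len(scanner.inbox)
    net.send(Packet(source_addr, target.addr, "tcp", "SYN", seq=1))
    return len(scanner.inbox) - before


def udp_spoof(net, service, trusted_addr, payload):
    net.send(Packet(trusted_addr, service.addr, "udp", payload=payload))
    return payload in service.accepted


def demo():
    """Constructed topology: 192.0.2.x is the target network, 198.51.100.5 the
    scanning host's real address, 192.0.2.20 the address being spoofed."""
    net = Network()
    server = net.attach(TcpServer("192.0.2.10"))
    weak = net.attach(TcpServer("192.0.2.11", isn_source=lambda: 12345))
    victim = net.attach(Host("192.0.2.20"))
    scanner = net.attach(Host("198.51.100.5"))
    collector = net.attach(UdpNoReplyService("192.0.2.30", trusted={victim.addr}))
    return {
        "honest_tcp": honest_handshake(net, scanner, server),
        "blind_tcp_random_isn": blind_tcp_spoof(net, server, victim.addr, range(1000)),
        "blind_tcp_fixed_isn": blind_tcp_spoof(net, weak, victim.addr, [12345]),
        "scan_replies_real_src": syn_probe(net, scanner, server, scanner.addr),
        "scan_replies_spoofed_src": syn_probe(net, scanner, server, victim.addr),
        "udp_no_reply_spoof": udp_spoof(net, collector, victim.addr, b"trusted cmd"),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Running `demo()` shows the three regimes side by side: the honest TCP handshake completes, the blind spoof against a random-ISN server fails even with a thousand guesses (about 2^-22 odds) while it succeeds at once against the fixed-ISN server, the spoofed-source SYN probe yields the scanner nothing because the reply is routed to the forged address, and the no-reply UDP service accepts the forged datagram outright. For the firewall-rule question in the thread, that last case is the one that matters: a source-address allow-list protects only services whose protocol forces the client to see a reply.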
Current thread:
- RE: Allowing scanning from home Dan Denton (Nov 01)
- <Possible follow-ups>
- Re: Allowing scanning from home Nathaniel Hall (Nov 01)
- RE: Allowing scanning from home Jeff Gercken (Nov 01)
- Re: Allowing scanning from home Dan Tesch (Nov 01)
- Re: Allowing scanning from home xyberpix (Nov 01)
- RE: Allowing scanning from home Jeff Gercken (Nov 01)
- RE: Allowing scanning from home Steven Trewick (Nov 02)