Bugtraq mailing list archives
Re: Router programming,source routes and spoofed ICMP attacks.
From: ScottAjIlI () aol com (Chris Johnson)
Date: Mon, 24 Jun 1996 21:23:14 -0400
Multiple ANS InterLock connections is a good way to go. The InterLock can be used to generate detailed logs and reports on authorized and unauthorized network connections. The logs accumulate usage statistics on a per user, per IP address, or per service basis. The data includes information on the duration of connection, bytes transferred, file names and sizes of files. Run-time data reduction tools are used to specify the level of detail and the amount of information logged for each service. Post run-time reporting tools can be used to generate usage statistics.

The InterLock does not reveal information about the internal network to the external network. The InterLock runs on a host with routing functions and IP forwarding disabled. As a result of this, information, such as host names, IP addresses, and network structure, is hidden from the external network. Although I wouldn't recommend it, you can also use non-NIC-assigned IP addresses to the internal network, because these addresses are hidden from the outside world.

There are also some OS modifications. The operating system modifications are done to prevent security holes that can exist because of improper configuration. Instead of turning off operating system options that can be hazardous to security, ANS has completely removed these capabilities from the OS to eliminate the possibility of an intruder gaining access to the system and enabling features that would bypass firewall security. Now I guess you're wondering which of the capabilities are removed... well here they are:

** No IP forwarding,
** ICMP redirects are rejected, and
** No strict or loose source routing.

With IP forwarding disabled, all connection requests are handled by application proxy daemons. ICMP redirects can be used to create false entries in router tables, which can lead to denial of service or to network traffic being diverted to an unsecured host. Source routing is removed to prevent packets from bypassing the firewall. On many systems source routed packets are forwarded even if IP forwarding is disabled. By removing source routing and IP forwarding, packets can never be routed through the network layer.

I know this is review for most, but I'm new to this list and thought that this might help.

---- Craig
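An added example, not part of the original post and not ANS InterLock code: a filter-side check that walks the IPv4 header options and flags the loose (131) and strict (137) source route options the message says are removed. The function names, sample packets and the drop-on-malformed policy are assumptions made for illustration.

```python
import struct

# IPv4 option type values from RFC 791.
IPOPT_EOL, IPOPT_NOP = 0, 1
SOURCE_ROUTE = {131: "LSRR", 137: "SSRR"}  # loose / strict source route

def source_route_option(packet: bytes):
    """Return 'LSRR', 'SSRR', 'malformed' or None for a raw IPv4 packet."""
    if len(packet) < 20:
        return "malformed"
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    header_len = ihl * 4
    if version != 4 or ihl < 5 or len(packet) < header_len:
        return "malformed"
    opts, i = packet[20:header_len], 0
    while i < len(opts):
        kind = opts[i]
        if kind == IPOPT_EOL:        # end of option list
            break
        if kind == IPOPT_NOP:        # one-byte padding
            i += 1
            continue
        # Every other option is type, length, data; length covers all three.
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            return "malformed"
        if kind in SOURCE_ROUTE:
            return SOURCE_ROUTE[kind]
        i += opts[i + 1]
    return None

def should_drop(packet: bytes) -> bool:
    """Filter policy (assumed): drop source-routed and unparseable headers."""
    return source_route_option(packet) is not None

def build_ipv4(options: bytes = b"") -> bytes:
    """Constructed sample header: checksum left at 0, documentation addresses."""
    options += b"\x00" * (-len(options) % 4)          # pad to 32-bit boundary
    ihl = 5 + len(options) // 4
    return struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, 20 + len(options),
                       0, 0, 64, 6, 0, bytes([192, 0, 2, 1]),
                       bytes([198, 51, 100, 7])) + options

HOP = bytes([203, 0, 113, 9])                          # constructed hop address
PLAIN = build_ipv4()
LOOSE = build_ipv4(bytes([131, 7, 4]) + HOP)
STRICT = build_ipv4(bytes([1, 137, 7, 4]) + HOP)
RECORD = build_ipv4(bytes([7, 7, 4]) + HOP)            # record route, not source route
TRUNCATED = build_ipv4(bytes([131, 11, 4]) + HOP)      # length runs past header

if __name__ == "__main__":
    for name in ("PLAIN", "LOOSE", "STRICT", "RECORD", "TRUNCATED"):
        print(name, source_route_option(globals()[name]))
```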