Firewall Wizards mailing list archives

Re: Question about vulnerability


From: David LeBlanc <dleblanc () mindspring com>
Date: Fri, 06 Aug 1999 18:24:24 -0700

At 03:28 PM 8/5/99 -0700, Robert Driscoll wrote:

      Several of my offices are requesting local internet connections.

      If the local office offers no services, (No sendmail, DNS, WebSite etc.) out
      the local internet connection. What vulnerabilities exist for this scenario?
      We are using an unroutable address (10.x.x.x) internally. I guess telnetting
      into the local router and hacking that way. (Possible IP Spoofing?)

If the branch offices' machines weren't listening on _any_ ports, then you
might be OK.  I find that unlikely.  What is much more likely is that
you've got all sorts of client machines, and they have personal web
servers, shares, etc.  They also tend to think their machine isn't
important, and so they don't need to secure it.

So your attacker is going to come in through your router, take over one of
the clients, and now he's routable.  I'd say that if they want a local
connection, put some sort of proxy with NAT in place to take care of just
simple stuff like web and FTP.  Only problem I'd see is you then need
someone to make sure all these local proxies are correctly configured and
properly patched.

I would recommend doing something for them, else you'll find an office full
of people with analog to digital converters for the modems on their
laptops, all dialed out to their ISP, which is much worse.

Alternately, see if you can pry the $$ out of the penny pinchers for enough
bandwidth to do what you need.


David LeBlanc
dleblanc () mindspring com
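
One way to test the "not listening on _any_ ports" premise on a client machine, as an added example that is not part of the original message: it parses `netstat -an` output and lists every socket bound to a non-loopback address. The sample output and the host addresses in it are constructed.

```python
import ipaddress

# Constructed `netstat -an` output from a hypothetical branch-office client.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    10.1.2.34:139          0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1027         0.0.0.0:0              LISTENING
  TCP    10.1.2.34:1045         10.1.0.5:80            ESTABLISHED
  UDP    10.1.2.34:137          *:*
"""

# Labels for the kinds of services the message mentions (web servers, shares).
KNOWN = {80: "web server", 135: "RPC endpoint mapper", 137: "NetBIOS name service",
         139: "NetBIOS session (file shares)", 445: "SMB (file shares)"}


def exposed_listeners(netstat_text):
    """Return sorted (proto, address, port) for sockets reachable off-host."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        proto, local = fields[0], fields[1]
        state = fields[3] if len(fields) > 3 else ""
        # Only listening TCP rows accept connections; UDP rows carry no state.
        if proto == "TCP" and state not in ("LISTENING", "LISTEN"):
            continue
        addr, _, port = local.rpartition(":")
        addr = addr.strip("[]")
        if addr in ("*", ""):
            addr = "0.0.0.0"  # wildcard bind
        if ipaddress.ip_address(addr).is_loopback:
            continue  # only reachable from the machine itself
        found.add((proto, addr, int(port)))
    return sorted(found)


def report(netstat_text):
    """One line per exposed socket, labelled where the port is a known service."""
    return [f"{p} {a}:{n}  {KNOWN.get(n, 'unknown service')}"
            for p, a, n in exposed_listeners(netstat_text)]


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_NETSTAT)) or "no exposed listeners")
```

An empty report is the only result that supports the "no services" assumption; anything else is a socket the rest of the network can reach.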


