Firewall Wizards mailing list archives
Re: Question about vulnerability
From: David LeBlanc <dleblanc () mindspring com>
Date: Fri, 06 Aug 1999 18:24:24 -0700
At 03:28 PM 8/5/99 -0700, Robert Driscoll wrote:
> Several of my offices are requesting local internet connections.
> If the local office offers no services, (No sendmail, DNS, WebSite etc.) out the local internet connection. What vulnerabilities exist for this scenario? We are using an unroutable address (10.x.x.x) internally. I guess telnetting into the local router and hacking that way. (Possible IP Spoofing?)
If the branch offices' machines weren't listening on _any_ ports, then you might be OK. I find that unlikely. What is much more likely is that you've got all sorts of client machines, and they have personal web servers, shares, etc. They also tend to think their machine isn't important, and so they don't need to secure it. So your attacker is going to come in through your router, take over one of the clients, and now he's routable.

I'd say that if they want a local connection, put some sort of proxy with NAT in place to take care of just simple stuff like web and FTP. Only problem I'd see is you then need someone to make sure all these local proxies are correctly configured and properly patched.

I would recommend doing something for them, else you'll find an office full of people with analog to digital converters for the modems on their laptops, all dialed out to their ISP, which is much worse. Alternately, see if you can pry the $$ out of the penny pinchers for enough bandwidth to do what you need.

David LeBlanc
dleblanc () mindspring com
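The reply's premise, that client machines are rarely "listening on no ports", can be checked per host. The following is an added example, not part of the original message: it assumes Linux clients and parses a constructed sample of `ss -tuln` output, reporting sockets bound to anything other than loopback. The function names and sample data are hypothetical.

```python
import ipaddress

# Constructed sample of `ss -tuln` output from a hypothetical branch-office client.
SAMPLE_SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:80         0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:631      0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:137        0.0.0.0:*
tcp   LISTEN 0      128    [::]:445           [::]:*
tcp   LISTEN 0      128    10.1.2.15:21       0.0.0.0:*
tcp   LISTEN 0      128    [::1]:25           [::]:*
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*
"""

def split_local(field):
    """Split 'addr:port' into (addr, port); handles [v6], '*' and '%iface'."""
    addr, _, port = field.rpartition(":")
    addr = addr.strip("[]").split("%", 1)[0]
    return addr, int(port)

def is_reachable(addr):
    """True if the socket accepts traffic arriving from other hosts."""
    if addr == "*":  # dual-stack wildcard bind
        return True
    # 0.0.0.0 and :: are wildcard binds, so only loopback is excluded.
    return not ipaddress.ip_address(addr).is_loopback

def exposed_listeners(ss_output):
    """Return sorted (proto, addr, port) for every non-loopback listener."""
    findings = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 6 or cols[0] not in ("tcp", "udp"):
            continue  # header or unrelated line
        if cols[1] not in ("LISTEN", "UNCONN"):
            continue  # only listening TCP / unconnected UDP sockets
        addr, port = split_local(cols[4])
        if is_reachable(addr):
            findings.append((cols[0], addr, port))
    return sorted(findings, key=lambda f: (f[2], f[0]))

if __name__ == "__main__":
    for proto, addr, port in exposed_listeners(SAMPLE_SS_OUTPUT):
        print(f"{proto:4} {addr}:{port} is reachable from the network")
```

An empty result is the "not listening on any ports" case the message describes; anything listed is a service an attacker who gets past the router could reach.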
Current thread:
- Question about vulnerability Robert Driscoll (Aug 06)
- Re: Question about vulnerability David LeBlanc (Aug 07)