RE: Sliding/Shifting/Morphing firewalls

["Safier, Adam (GEIS)" <Adam.Safier () geis ge com>]

Got it, Sorry, I was thinking ACL's on intermediary routers but this is a
source port. It would still be nice to specify a usable range for weird
situations but most apps should be fine.  

Thanks,
Adam

> -----Original Message-----
> From: cbrenton [SMTP:cbrenton () sover net]
> Sent: Wednesday, February 10, 1999 11:42 PM
> To:   Safier, Adam (GEIS)
> Cc:   Stout, Bill; Firewall-wizards
> Subject:      RE: Sliding/Shifting/Morphing firewalls
>
> On Wed, 10 Feb 1999, Safier, Adam (GEIS) wrote:
>
> > But what does it do for/to network support?
>
> Its not so much a network support thing as a security thing. Some
> operating systems will assign concurrent upper port numbers as source
> ports as each session is established from a particular machine. This is
> especially nasty if the device in question is a firewall or a NAT device
> because and attacker is able to predict what source port numbers will be
> valid in the future based on how busy the system is. An attacker can then
> use this information to launch a man in the middle or similar attack. 
>
> By handing out random source port numbers, predicting which ports will be
> opened next becomes far more difficult. True this is STO because you are
> hiding the next available port number rather than locking it down, but the
> random assignmnet does make it that much harder for an attacker to worm
> their way in.
>
> Hope this helps,
> Chris
> --
> ************************************
> cbrenton () sover net
>
> * Multiprotocol Network Design & Troubleshooting
> http://www.amazon.com/exec/obidos/ASIN/0782120822/geekspeaknet
> * Mastering Network Security
> http://www.amazon.com/exec/obidos/ASIN/0782123430/geekspeaknet