Firewall Wizards mailing list archives
RE: Sliding/Shifting/Morphing firewalls
From: "Safier, Adam (GEIS)" <Adam.Safier () geis ge com>
Date: Thu, 11 Feb 1999 18:19:55 -0500
Got it. Sorry, I was thinking of ACLs on intermediary routers, but this is a source port. It would still be nice to specify a usable range for weird situations, but most apps should be fine.

Thanks,
Adam
-----Original Message-----
From: cbrenton [SMTP:cbrenton () sover net]
Sent: Wednesday, February 10, 1999 11:42 PM
To: Safier, Adam (GEIS)
Cc: Stout, Bill; Firewall-wizards
Subject: RE: Sliding/Shifting/Morphing firewalls

On Wed, 10 Feb 1999, Safier, Adam (GEIS) wrote:

> But what does it do for/to network support?

It's not so much a network support thing as a security thing. Some operating systems will assign concurrent upper port numbers as source ports as each session is established from a particular machine. This is especially nasty if the device in question is a firewall or a NAT device, because an attacker is able to predict what source port numbers will be valid in the future based on how busy the system is. An attacker can then use this information to launch a man in the middle or similar attack. By handing out random source port numbers, predicting which ports will be opened next becomes far more difficult. True, this is STO because you are hiding the next available port number rather than locking it down, but the random assignment does make it that much harder for an attacker to worm their way in.

Hope this helps,
Chris

--
************************************
cbrenton () sover net
* Multiprotocol Network Design & Troubleshooting
  http://www.amazon.com/exec/obidos/ASIN/0782120822/geekspeaknet
* Mastering Network Security
  http://www.amazon.com/exec/obidos/ASIN/0782123430/geekspeaknet
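The point Chris makes above, that a firewall or NAT box which hands out source ports one after another lets an outside observer know the next port in advance while random assignment does not, can be checked on a packet capture of the device's outbound connections. The following is an added simulation and audit helper, not code from the thread or from any product discussed in it: it models both allocation policies, records the source ports an observer on the outside interface would see, and scores how often the next port was simply the previous port plus one. The ephemeral range 49152-65535 is an assumption (the modern IANA range; the 1999-era stacks in the thread used other ranges, and the argument is the same).

```python
import random

# Assumed ephemeral port range for the simulation (IANA's current default).
EPHEMERAL_LO, EPHEMERAL_HI = 49152, 65535
RANGE_SIZE = EPHEMERAL_HI - EPHEMERAL_LO + 1


class SequentialAllocator:
    """Hands out source ports one after another: the behaviour the post warns about."""

    def __init__(self, start=EPHEMERAL_LO):
        self._next = start

    def allocate(self):
        port = self._next
        # Wrap back to the bottom of the range when the top is reached.
        self._next = EPHEMERAL_LO if port == EPHEMERAL_HI else port + 1
        return port


class RandomAllocator:
    """Picks an unused port uniformly from the range: the mitigation the post recommends."""

    def __init__(self, rng=None):
        # SystemRandom draws from the OS entropy source; a seeded Random may be
        # passed in for reproducible simulation runs.
        self._rng = rng if rng is not None else random.SystemRandom()
        self._in_use = set()

    def allocate(self):
        # Rejection-sample until a free port turns up; cheap while the range is mostly free.
        while True:
            port = self._rng.randint(EPHEMERAL_LO, EPHEMERAL_HI)
            if port not in self._in_use:
                self._in_use.add(port)
                return port

    def release(self, port):
        self._in_use.discard(port)


def observe_ports(allocator, n):
    """Simulate n outbound sessions and return the source port of each, in order.

    This is what a capture on the device's outside interface would show."""
    return [allocator.allocate() for _ in range(n)]


def sequential_predictability(ports):
    """Fraction of connections whose source port was the previous port plus one
    (wrapping at the top of the range).

    1.0 means anyone who saw one connection knows the next source port exactly;
    a value near 0 means the next port carries roughly log2(RANGE_SIZE) bits of
    uncertainty for an observer."""
    if len(ports) < 2:
        return 0.0
    hits = 0
    for prev, cur in zip(ports, ports[1:]):
        expected = EPHEMERAL_LO if prev == EPHEMERAL_HI else prev + 1
        if cur == expected:
            hits += 1
    return hits / (len(ports) - 1)


def audit(ports, threshold=0.5):
    """Return (verdict, score) for a list of observed source ports.

    The threshold is a constructed default: even a partially sequential
    allocator hands an observer most of the information."""
    score = sequential_predictability(ports)
    verdict = "PREDICTABLE" if score >= threshold else "ok"
    return verdict, score


if __name__ == "__main__":
    seq = observe_ports(SequentialAllocator(), 1000)
    rnd = observe_ports(RandomAllocator(), 1000)
    print("sequential allocator:", audit(seq))
    print("random allocator:    ", audit(rnd))
```

To use this against a real device, feed `audit()` the source ports pulled from a capture of the device's outbound SYNs, in packet order. A high score is worth treating as a finding even though, as Chris notes, randomisation only hides the next port rather than locking anything down: it raises the cost of the prediction step the post describes from "read one packet" to guessing among thousands of candidates.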