Firewall Wizards mailing list archives
Re: detecting multihomed host
From: alexander lind <malte () webstay org>
Date: Sat, 2 Aug 2008 19:10:25 -0700
On Aug 1, 2008, at 10:51 PM, K K wrote:
Finally, repeat the test a third time, again two at a time, one of the two always being the target (W.X.Y.123) and the second being one of the other 199 active addresses.
Very interesting read. Thank you for laying it out for me.Now if we pretend you are the attacker that wants to gather this information on my network, could you think of any ways to do it still if I closed down _all_ services on the machines behind the NAT?
All of the above can be done slowly, over a period of several days, and from a wide variety of source addresses to evade trivial detection by IPS or log analysis. One possibility to mitigate this exposure is to use higher level proxies instead of a bridging firewall.
Can you elaborate a little bit on what you mean by higher level proxies please?
(P.S. The term "multihome" usually means a host with multiple NICs, each one on a different network, the situation you describe, a host with many aliases on a single NIC, is a different beast, but I don't know the best name for it.)
I stand corrected. What if I create virtual interfaces with faked MAC addresses, would you call that multihoming?
Thanks Alec _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- detecting multihomed host alexander lind (Aug 01)
- Re: detecting multihomed host Marcin Antkiewicz (Aug 04)
- Re: detecting multihomed host Paul D. Robertson (Aug 04)
- Re: detecting multihomed host K K (Aug 04)
- Re: detecting multihomed host alexander lind (Aug 04)
- Re: detecting multihomed host K K (Aug 04)
- Re: detecting multihomed host alexander lind (Aug 04)
- Re: detecting multihomed host Chuck Swiger (Aug 04)
- Re: detecting multihomed host alexander lind (Aug 04)
- Re: detecting multihomed host Marcin Antkiewicz (Aug 04)