epike on Thu, 30 Jan 2003 10:41:03 -0500
How about this for an idea. I'm not sure if this makes sense, or if it would work at all: suppose you have masquerading and forwarding enabled, that is, if you allow forwarding of 192.168.1.x and masquerade them to come from your public IP, let's say 1.2.3.4. Somebody from outside could configure their box as a 192.168.1.x and configure your 1.2.3.4 as its gateway. If you're NOT using iptables to filter out 192.168.1.x from the 1.2.3.4 address, AND you don't have rp_filter enabled, he could "pretend" to be you when he surfs the net... he could probably pretend to be coming from your internal net also... I'm not sure if that would work or not... well, maybe not, but I don't know why either..

jondz/epike

>
> All the discussion about firewalls aside, if a machine is running no
> services available to the outside world, how can an attacker break in?
>
> That is, suppose I make the naive argument that I only run sshd on
> port 22, so all other ports get denied anyway by dint of having
> nothing listening (not even inetd). Why bother with iptables beyond
> masquerading?
>
> (I'm pretty sure this is wrong, I just don't know why.)
>
> --
> Jeff
>
> Jeff Abrahamson <http://www.purple.com/jeff/>
> GPG fingerprint: 1A1A BA95 D082 A558 A276 63C6 16BF 8C4C 0D1D AE4B
>

_________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.netisland.net/mailman/listinfo/plug-announce
General Discussion -- http://lists.netisland.net/mailman/listinfo/plug
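An added illustration (not code from the list post) of the two defences epike names: an ingress rule that drops packets with an internal source address arriving on the public interface, and a strict reverse-path check of the kind rp_filter performs. The interface names eth0/eth1, the routing table and the sample packets are constructed for the example.

```python
"""Model of the gateway from the post: public address 1.2.3.4 on eth0,
the masqueraded 192.168.1.0/24 LAN on eth1.  Shows why a packet that
arrives on eth0 claiming a 192.168.1.x source is dropped by either
defence, and is accepted (then masqueraded) only when both are off.
Equivalent real configuration, for reference:
  iptables -A INPUT   -i eth0 -s 192.168.1.0/24 -j DROP
  iptables -A FORWARD -i eth0 -s 192.168.1.0/24 -j DROP
  sysctl -w net.ipv4.conf.all.rp_filter=1
"""
import ipaddress

PUBLIC_IF = "eth0"
INTERNAL_NETS = [ipaddress.ip_network("192.168.1.0/24")]

# Constructed routing table: (destination prefix, outgoing interface).
ROUTES = [
    (ipaddress.ip_network("192.168.1.0/24"), "eth1"),
    (ipaddress.ip_network("0.0.0.0/0"), "eth0"),  # default route
]


def route_for(addr_str):
    """Longest-prefix match: the interface the gateway would use to reach addr."""
    addr = ipaddress.ip_address(addr_str)
    best_net, best_dev = None, None
    for net, dev in ROUTES:
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_dev = net, dev
    return best_dev


def ingress_filter_ok(src_str, in_dev):
    """The iptables rule: no internal source may arrive on the public interface."""
    src = ipaddress.ip_address(src_str)
    return not (in_dev == PUBLIC_IF and any(src in n for n in INTERNAL_NETS))


def reverse_path_ok(src_str, in_dev):
    """Strict rp_filter: a reply to src must leave via the arrival interface."""
    return route_for(src_str) == in_dev


def verdict(src_str, in_dev, ingress=True, rp=True):
    """Decide a packet's fate with the two defences individually switchable."""
    if ingress and not ingress_filter_ok(src_str, in_dev):
        return "DROP (ingress filter)"
    if rp and not reverse_path_ok(src_str, in_dev):
        return "DROP (rp_filter)"
    return "ACCEPT"


if __name__ == "__main__":
    print(verdict("192.168.1.50", "eth0"))                          # spoofed, dropped
    print(verdict("192.168.1.50", "eth0", ingress=False, rp=False))  # the post's risk
```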