epike on Thu, 30 Jan 2003 12:21:07 -0500



Re: [PLUG] firewall risk


well perhaps not 192.168 then...

how about this:

suppose i'm 1.2.3.4 
and somebody i know is running masq
on 5.6.7.8 and i want to reach
9.10.11.12

i could say

route add -host 9.10.11.12 gw 5.6.7.8

if he has forwarding turned on, AND
he BLINDLY masquerades everything
he forwards,  would I not appear
as coming from 5.6.7.8 when
i connect to 9.10.11.12?

all public ip's...

( tested on my own linux boxes, 
at least i got to the forwarding part,
got as far as making traceroute route
to the other linux box first...nothing
beyond that but there could be more
to this...)


jondz

> 
> This would only work if they had access to your internal network as the
> computer on the other end would respond to the public IP 1.2.3.4. The
> attacker would not see the remote computer's response.
> 
> Also, most if not all gateways/routers won't/shouldn't accept packets from a
> private IP address (192.168.1.0) coming from the external interface. It's a
> big tip-off that the packet is bogus.
> 
> I believe there are other reasons this scenario wouldn't work, but I'm still
> groggy this morning.
> 
> 
> plug-admin@lists.phillylinux.org wrote:
> > how about this for an idea.  I'm not sure if
> > this makes sense, or if it would work at all:
> >
> > suppose you have masquerading and forwarding enabled,
> > that is if you allow forwarding of 192.168.1.x
> > and masqueraded them to come from your public ip,
> > let's say 1.2.3.4.
> >
> > somebody from outside could configure their box
> > as a 192.168.1.x, configure your 1.2.3.4 as its
> > gateway.  if you're NOT using ip tables to
> > filter out 192.168.1.x from the 1.2.3.4 address,
> > AND you don't have rp_filter enabled, he could
> > "pretend" to be you when he surfs the net...
> > he could probably pretend to be coming from your
> > internal net also...
> >
> > I'm not sure if that would work or not...
> > well maybe not but I don't know why either..
> >
> > jondz/epike
> 
> _________________________________________________________________________
> Philadelphia Linux Users Group        --       http://www.phillylinux.org
> Announcements - http://lists.netisland.net/mailman/listinfo/plug-announce
> General Discussion  --   http://lists.netisland.net/mailman/listinfo/plug
> 

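The thread turns on two conditions: forwarding is on, and everything forwarded is masqueraded without regard to where it came from. As an added example (not part of the original messages), here is a small audit over `iptables-save` output that flags a MASQUERADE rule with no source restriction and a FORWARD chain that accepts by default. The sample rulesets, the interface names eth0/eth1, and the function name `audit_masq` are constructed for illustration.

```python
import shlex

# Constructed sample rulesets in iptables-save format (not from the thread).
BLIND = """\
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
COMMIT
"""

SCOPED = """\
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i eth1 -s 192.168.1.0/24 -o eth0 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
"""

SCOPE_FLAGS = {"-i", "-s", "--source", "--state", "--ctstate"}

def audit_masq(ruleset):
    """Return findings for rules that relay and masquerade arbitrary sources."""
    findings, table = [], None
    for line in ruleset.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]                      # start of a table section
        elif table == "filter" and line.startswith(":FORWARD"):
            if line.split()[1] == "ACCEPT":       # chain default policy
                findings.append("filter/FORWARD default policy is ACCEPT")
        elif line.startswith("-A"):
            tok = shlex.split(line)
            target = tok[tok.index("-j") + 1] if "-j" in tok else None
            if (table == "nat" and tok[1] == "POSTROUTING"
                    and target == "MASQUERADE"
                    and not {"-s", "--source"} & set(tok)):
                findings.append("unscoped MASQUERADE: " + line)
            if (table == "filter" and tok[1] == "FORWARD"
                    and target == "ACCEPT" and not SCOPE_FLAGS & set(tok)):
                findings.append("unscoped FORWARD ACCEPT: " + line)
    return findings
```
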