
List:       bugtraq
Subject:    Re: Router programming,source routes and spoofed ICMP attacks.
From:       Chris Johnson <ScottAjIlI () aol ! com>
Date:       1996-06-24 21:23:14

Multiple ANS InterLock connections is a good way to go.

   The InterLock can be used to generate detailed logs and reports on
authorized and unauthorized network connections. The logs accumulate usage
statistics on a per user, per IP address, or per service basis.  The data
includes information on the duration of connection, bytes transferred, file
names and sizes of files.  Run-time data reduction tools are used to specify
the level of detail and the amount of information logged for each service.
Post run-time reporting tools can be used to generate usage statistics.

   The InterLock does not reveal information about the internal network to
the external network.  The InterLock runs on a host with routing functions
and IP forwarding disabled.  As a result of this, information, such as host
names, IP addresses, and network structure, is hidden from the external
network.  Although I wouldn't recommend it, you can also use non-NIC-assigned
IP addresses to the internal network, because these addresses are hidden from
the outside world.

   There are also some OS modifications.  The operating system modifications
are done to prevent security holes that can exist because of improper
configuration.  Instead of turning off operating system options that can be
hazardous to security, ANS has completely removed these capabilities from the
OS to eliminate the possibility of an intruder gaining access to the system
and enabling features that would bypass firewall security.  Now I guess
you're wondering which of the capabilities are removed... well here they are:

 ** No IP forwarding
 ** ICMP redirects are rejected
 ** No strict or loose source routing

      With IP forwarding disabled, all connection requests are handled by
application proxy daemons.
      ICMP redirects can be used to create false entries in router tables,
which can lead to denial of service or to network traffic being diverted to
an unsecured host.
     Source routing is removed to prevent packets from bypassing the
firewall.  On many systems source routed packets are forwarded even if IP
forwarding is disabled.  By removing source routing and IP forwarding,
packets can never be routed through the network layer.

       I know this is review for most, but I'm new to this list and thought
that this might help.

  ---- Craig
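
An added example, not part of the original post and not ANS code: a shell check for the three network-layer features the message lists, run over `sysctl -a`-style output. The Linux key names and the sample lines are assumptions made for illustration; the post names no OS settings, since the InterLock removed these features rather than exposing switches for them.

```shell
#!/bin/sh
# audit_sysctl: reads "key = value" lines on stdin, prints one FAIL line per
# setting that leaves a feature enabled, and returns non-zero if any is found.
# Each feature is checked on its own, because (as the post notes) some systems
# forward source-routed packets even when IP forwarding is disabled.
audit_sysctl() {
    awk -F'=' '
        { gsub(/[ \t]/, "") }   # strip padding; awk re-splits $1 and $2
        $1 == "net.ipv4.ip_forward" ||
        $1 ~ /^net\.ipv4\.conf\.[^.]+\.forwarding$/ { check("ip-forwarding") }
        $1 ~ /^net\.ipv4\.conf\.[^.]+\.accept_redirects$/ { check("icmp-redirects") }
        $1 ~ /^net\.ipv4\.conf\.[^.]+\.accept_source_route$/ { check("source-routing") }
        function check(feature) {
            seen[feature] = 1
            if ($2 + 0 != 0) { printf "FAIL %s %s=%s\n", feature, $1, $2; bad++ }
        }
        END {
            # A feature with no key in the input is unverified, not safe.
            n = split("ip-forwarding icmp-redirects source-routing", want, " ")
            for (i = 1; i <= n; i++)
                if (!(want[i] in seen)) {
                    printf "FAIL %s (no setting found)\n", want[i]; bad++
                }
            exit (bad > 0)
        }'
}

# Constructed sample: forwarding is off, yet one interface still accepts
# source-routed packets.
sample_input() {
    cat <<'EOF'
net.ipv4.ip_forward = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.eth1.accept_source_route = 1
EOF
}

# On a live Linux host: sysctl -a 2>/dev/null | audit_sysctl
sample_input | audit_sysctl || true
```

The check is deliberately conservative: any non-zero per-interface value is reported, even where the kernel would combine it with the `all` setting before acting on it.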
