[prev in list] [next in list] [prev in thread] [next in thread] 

List:       firewalls-gc
Subject:    Re: frame relay...
From:       "Alvaro Rodriguez" <arodriguez () cofac ! com ! uy>
Date:       1999-11-25 2:55:16
[Download RAW message or body]

Hello all,
Frame relay is like any other packet switched network, frames can be sniffed
and decoded by someone who has management access to the packet switches (or
has broke into them, which is indeed a possibility).
I think that any corporation considering to run its network over FR **must
encrypt the payload**.
The issue can become even more critical when using international connections
as your frames will (possibly) cross many carriers, and... who can trust
blindly ?

As per hacking intents, if the technology used by the service provider is
mature and proved it can never happen that a hacker could essay a spoofing,
man-in-the-middle or something like attack.
However, if the access switch is not properly engineered or its architecture
is like that of a 'classical' packet switch, it could be overloaded with a
stream of small packets that can raise processor utilization and render the
whole access switch unusable. (This is more a limitation in the equipment
than in the technology itself, although I have seen this effect by myself).

Hope this helps.
brgds / Alvaro.

----- Original Message -----
From: Ron DuFresne <dufresne@winternet.com>
To: Marc Renner <mrenner@ci.marysville.wa.us>
Cc: <firewalls@Lists.GNAC.NET>
Sent: Tuesday, November 23, 1999 10:04 PM
Subject: Re: frame relay...


> I'd like to thank all that have responded so far, Mr's Hill, Bruce, Doug,
> Pete, Marc, et. al.,  Thanks much.
>
> Analyzing Broadband Networks by Mark A. Miller, is ripe with example
> traces via a 'expert sniffer internetwork analyzer', a serious little tool
> top thing, I had occasion to play with one.  As mentioned, not a cheap toy
> for sure, yet, not 'unafordable' either...
>
> Now, perhaps I can refine my question some here for more detail;
>
> Do most folks here run their networks with encryption on the endpoints of
> their private frame relay links?
>
> Aside from the 'public' frame realy connections open out here on the net,
> are their 'real' concerns of snooping, snatching, and or hacking via
> 'private' frame relay connections and your 'peers' on the far endpoint?
>
> Again, thans all,
>
> Ron DuFresne
>
>
> On Tue, 23 Nov 1999, Marc Renner wrote:
>
> > *laugh*
> >
> >      Paraphrasing from Mastering Network Security by Chris Brenton page
> >      125, it can be broken into if:
> >
> >      Someone is connected to the CO and switch, and they know your DLCI.
> >
> >      The book goes into it a little more.
> >
> >      THX,
> >      Pete Goodridge
> >
> > So what you're telling this person is to go buy a book? If this is all
we are going to tell people who traffic this mailing list for help, we
undermine the very purpose of it's existence - INFORMATION. I would suggest
that if you do not have anything of value to post, please refrain..we all
have enough SPAM to deal with day-to-day.
> >
> > Ron: In response to your original question, about 99.98% of internet
traffic is at some point "frame-relay". As a result the majority of "Hacked"
or "compromised" systems are done using a frame relay circuit at some point
between the criminal and the victim. This does not need to be done using a
"sniffer". Typically it's done by port scanning, with a utility that scans
an IP address or range of IP addresses for open or active ports. Once the
active ports are noted a hacker will then trying to brute-force their way
into the system by using pregenerated login/password lists and a program
that will keep hammering the system with different combinations of
logins/passwords untill it finds one that works.
> >
> > Packet sniffing attacks are relatively rare, one must have access to
your cable structure in order to grab your packets. OR as Mr. Brenton points
out access to your telephone company's cable structure.
> >
> >  All these reports of web sites being hacked and "Stolen" are done by
poorly written cgi scripts that allow command line executions (earlier
versions of Apache Web Server were notorious for allowing these cgi scripts
by default)
> >
> > I hope this helps clear things up...
> >
> > Marc Renner - Director
> > Network Operations Dept.
> > City of Marysville, Wa.
> >
> > ++Don't get MAD....Get NDS!++
> >
> >
> > -
> > [To unsubscribe, send mail to majordomo@lists.gnac.net with
> > "unsubscribe firewalls" in the body of the message.]
> >
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> "Cutting the space budget really restores my faith in humanity.  It
> eliminates dreams, goals, and ideals and lets us get straight to the
> business of hate, debauchery, and self-annihilation." -- Johnny Hart
> ***testing, only testing, and damn good at it too!***
>
> OK, so you're a Ph.D.  Just don't touch anything.
>
> -
> [To unsubscribe, send mail to majordomo@lists.gnac.net with
> "unsubscribe firewalls" in the body of the message.]

-
[To unsubscribe, send mail to majordomo@lists.gnac.net with
"unsubscribe firewalls" in the body of the message.]

[prev in list] [next in list] [prev in thread] [next in thread]