Excerpts from Firewalls: 28-Oct-93 Re: System Security "Perry E.
Metzger"@lehma (2335)
> Everyone on this list should get through their heads that wires are
> insecure, and that anyone can forge packets. Data going over a wire
> without cryptographic authentication is always insecure, barring
> complete physical control over the entire line at all times. Few sites
> can afford to place an armed guard every five feet. Most sites have a
> PC here and there already on their networks. Intelligent users abound.
> I remember how we didn't take X security seriously around here ("none
> of our users could know how to tap X sessions" was the attitude) until
> someone posted an X keystroke recorder to the net, and some of our
> users started fooling around with it. There are a dozen packages out
> there that could be modified very easily to allow anyone who's got a
> link to your ethernet to start spoofing you in a big way. "private
> subnet numbers" mean squat. A "private subnet number" is as easy to
> stick into an IP header as any other number. Bits are bits are bits.
Everyone on this list should take a course in basic networking.
Spoofing a packet won't do you a bit of good if nobody will route it.
Try faking a subnet number on a return packet header, and see how far
that gets you. Try tunneling, or any other method. Unless you have a
key (a metal one) to enter the room that houses the mainframe and its
router, you're not going to get in (actually, you can enter, but you can
never leave, as the song goes).
-Bob
Follow-Ups:
References:
|
|
