Great Circle Associates Firewalls
(April 1995)
 


Subject: Re: Exploiting UDP Ports
From: "Michael R. Widner" <mmwidner @ gsbux1 . uchicago . edu>
Date: Sun, 16 Apr 1995 15:28:19 -0500 (CDT)
To: fc @ all . net (Dr. Frederick B. Cohen)
Cc: firewalls @ greatcircle . com
In-reply-to: <9504161552 . AA03983 @ all . net> from "Dr. Frederick B. Cohen" at Apr 16, 95 11:52:04 am
Reply-to: widner @ uchicago . edu

Previously, Dr. Frederick B. Cohen wrote:
> 	Does anyone know if there is a version of syslog that does not
> run over UDP? Does anyone have a utility (similar to telnet?) that will
> let me create UDP packets from shell scripts so I can test UDP attacks
> from shell scripts?

One of the great things about syslogd on UDP is that anybody can put
forged entries into your log files.  This is a great way to frame
somebody you don't like, or just generally contribute to the paranoia
of an admin you want to play games with.  Perhaps insert 100 failed
telnet and rlogins as root from cert.org to all your friends' machines.

This just goes back to the same old points.  IP addresses are not good
for authentication, and they're really not even good for identification.
UDP is easy to fake, so don't trust much of what you see on it unless
you've got a good authentication scheme on top of it.

-Mike
-- 
Michael R. Widner
widner @ uchicago . edu
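
One shape an authentication scheme on top of UDP could take, as an added example that is not part of the original message: each log line carries a sequence number and an HMAC-SHA256 tag, and the receiver ignores the datagram's source address entirely. The `host|seq|msg|tag` payload format, the key table and the function names are assumptions made for this illustration.

```python
import hashlib
import hmac

# Constructed demo key; a real deployment provisions a per-host secret out of band.
KEYS = {"web1": b"constructed-demo-key-web1"}

def _tag(key: bytes, host: str, seq: int, msg: str) -> bytes:
    # The MAC covers host, sequence number and message, so none can be altered.
    data = f"{host}|{seq}|{msg}".encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest().encode()

def seal(host: str, seq: int, msg: str) -> bytes:
    """Sender side: build the datagram payload 'host|seq|msg|tag'."""
    head = f"{host}|{seq}|{msg}|".encode()
    return head + _tag(KEYS[host], host, seq, msg)

class Receiver:
    def __init__(self, keys):
        self.keys = keys
        self.last_seq = {}  # highest sequence number accepted per host

    def accept(self, payload: bytes, src_ip: str):
        """Return the message if it is authentic and fresh, else None.

        src_ip is deliberately unused: a UDP source address proves nothing.
        """
        try:
            host, seq_s, rest = payload.decode().split("|", 2)
            msg, tag = rest.rsplit("|", 1)
            seq = int(seq_s)
        except (UnicodeDecodeError, ValueError):
            return None  # plain, untagged syslog lines end up here
        key = self.keys.get(host)
        if key is None:
            return None  # unknown sender name
        if not hmac.compare_digest(tag.encode(), _tag(key, host, seq, msg)):
            return None  # tag does not verify: forged or modified entry
        if seq <= self.last_seq.get(host, -1):
            return None  # replayed or stale datagram
        self.last_seq[host] = seq
        return msg
```

A collector built this way logs only what `accept` returns and counts the rejects separately, since a burst of rejected datagrams is itself worth alerting on.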

