The following appears on one of their web pages:
(http://www.mazama.com/mpf12desc.html):
...
TECHNICAL SECURITY FEATURE LIST
_________________________________________________________________
* Blocking of all services which are not explicitly enabled.
* Blocking of ICMP Redirect Packets.
* Blocking of IP Source Route options.
* Blocking of Spoofed IP addresses.
* Blocking of Spoofed IP fragments.
* Dangerous services such as rsh/rlogin, X window, Openwindows, NFS,
and other RPC services are blocked by default.
* TCP Services use SYN/ACK checking to verify the direction of all
TCP connections.
* We have used SATAN to analyze MPF installations and verified that
the above security problems are solved by MPF. The current version
of MPF can detect port scans from SATAN and automatically block
all packets from a host running SATAN.
...
The last item is what I would draw your attention to.
SATAN does *NOT* test all of the above. In fact, it only does the first.
Well, to be pedantic, it doesn't look for blocked services, but scans
looking for services which are active and are possible avenues for a break-in.
That is unless they developed their own plug-in tests for SATAN, which
their web page doesn't brag about, so I'll assume that not to be the case O:).
Maybe they assumed that their DHB (Dynamic Host Blocking) solved everything
when it blocks out an entire host when it notices a SATAN style attack.
Now, if they had mentioned ISS, I might take it more seriously and assume
that maybe 3 or more of the above had been checked...
IMHO, that particular page stinks...(you can find other rich comments there,
too...)...probably from Marcus's dead chicken that they waved around and
dropped there ;)
darren
(p.s. chris, if you get an order from a certain company, you owe me one ;-)
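As an added illustration of what the quoted MPF feature list actually amounts to as filter logic (this is example code written for this page, not MPF's code and not from the post), the toy packet filter below applies each listed check to constructed packets: default deny for services not explicitly enabled, dropping ICMP redirects and source-routed datagrams, the inside/outside address test for spoofed packets and fragments, SYN/ACK direction checking against a connection table, and a per-host probe counter that blocks a scanning host. The internal network, the enabled ports, the scan threshold, the reading of "spoofed IP fragments" as a fragment failing the same interface/address test, and the connection-table design are all assumptions for the example.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Dict, List, Set, Tuple

# Assumed site layout (constructed for this example, not from the MPF page).
INSIDE = ip_network("192.0.2.0/24")   # protected network behind the filter
ALLOWED_INBOUND_TCP = {25, 80}        # the only explicitly enabled inbound services
SCAN_THRESHOLD = 8                    # distinct refused ports before a host is blocked
ICMP_REDIRECT = 5                     # ICMP type 5 = Redirect

Verdict = Tuple[str, str]             # ("accept" | "drop", reason)


@dataclass(frozen=True)
class Packet:
    iface: str                         # "ext" (Internet side) or "int" (protected side)
    proto: str                         # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    flags: frozenset = frozenset()     # TCP flags, e.g. {"SYN"}, {"SYN", "ACK"}, {"ACK"}
    icmp_type: int = -1
    source_routed: bool = False        # IP source-route option present
    frag_offset: int = 0               # > 0 means a non-initial fragment (no TCP header)


@dataclass
class Filter:
    conns: Set[Tuple[str, int, str, int]] = field(default_factory=set)  # (opener, port, peer, port)
    refused_ports: Dict[str, Set[int]] = field(default_factory=dict)    # per source: refused ports
    blocked_hosts: Set[str] = field(default_factory=set)                # dynamic host blocking

    def decide(self, p: Packet) -> Verdict:
        verdict = self._decide(p)
        if verdict[0] == "drop" and p.iface == "ext" and p.proto in ("tcp", "udp"):
            self._note_probe(p)      # refused probes from outside feed the scan detector
        return verdict

    def _decide(self, p: Packet) -> Verdict:
        if p.src in self.blocked_hosts:
            return ("drop", "dynamic host block")
        if p.proto == "icmp" and p.icmp_type == ICMP_REDIRECT:
            return ("drop", "ICMP redirect")
        if p.source_routed:
            return ("drop", "IP source route option")
        # Spoofing: an inside address must never arrive on the outside interface and
        # vice versa. Fragments get the same test, so a non-initial fragment cannot
        # carry a spoofed source past the filter just because it has no port numbers.
        src_inside = ip_address(p.src) in INSIDE
        if (p.iface == "ext" and src_inside) or (p.iface == "int" and not src_inside):
            return ("drop", "spoofed IP fragment" if p.frag_offset > 0 else "spoofed IP address")
        if p.frag_offset > 0:
            # Assumed policy: a non-initial fragment is only passed when a tracked
            # connection already joins the two addresses.
            if any({c[0], c[2]} == {p.src, p.dst} for c in self.conns):
                return ("accept", "fragment of tracked connection")
            return ("drop", "unsolicited fragment")
        if p.proto == "tcp":
            return self._tcp(p)
        if p.iface == "int":
            return ("accept", "outbound")
        return ("drop", "service not explicitly enabled")   # default deny for everything else

    def _tcp(self, p: Packet) -> Verdict:
        syn, ack = "SYN" in p.flags, "ACK" in p.flags
        if p.iface == "int":
            if syn and not ack:
                self.conns.add((p.src, p.sport, p.dst, p.dport))   # inside client opened it
            return ("accept", "outbound")
        # Outside interface: SYN/ACK checking decides who opened the connection.
        if syn and not ack:
            if p.dport in ALLOWED_INBOUND_TCP:
                self.conns.add((p.src, p.sport, p.dst, p.dport))
                return ("accept", "enabled inbound service")
            return ("drop", "service not explicitly enabled")
        # Any segment with ACK set must belong to a tracked connection in either
        # direction; a bare ACK to an unknown port is dropped rather than trusted.
        if ((p.dst, p.dport, p.src, p.sport) in self.conns
                or (p.src, p.sport, p.dst, p.dport) in self.conns):
            return ("accept", "established connection")
        return ("drop", "no matching connection")

    def _note_probe(self, p: Packet) -> None:
        ports = self.refused_ports.setdefault(p.src, set())
        ports.add(p.dport)
        if len(ports) >= SCAN_THRESHOLD:
            self.blocked_hosts.add(p.src)


def run_demo() -> List[Verdict]:
    """Constructed sample traffic exercising each listed check, in order."""
    f = Filter()
    pkts = [
        Packet("ext", "icmp", "198.51.100.9", "192.0.2.10", icmp_type=ICMP_REDIRECT),
        Packet("ext", "tcp", "192.0.2.77", "192.0.2.10", 4444, 80, frozenset({"SYN"})),  # spoofed
        Packet("ext", "tcp", "198.51.100.9", "192.0.2.10", 40000, 25, frozenset({"SYN"}), source_routed=True),
        Packet("ext", "tcp", "198.51.100.9", "192.0.2.10", 40000, 513, frozenset({"SYN"})),  # rlogin
        Packet("ext", "tcp", "198.51.100.9", "192.0.2.10", 40001, 80, frozenset({"SYN"})),
        Packet("int", "tcp", "192.0.2.10", "203.0.113.5", 51000, 443, frozenset({"SYN"})),
        Packet("ext", "tcp", "203.0.113.5", "192.0.2.10", 443, 51000, frozenset({"SYN", "ACK"})),
        Packet("ext", "tcp", "203.0.113.5", "192.0.2.10", 443, 51001, frozenset({"ACK"})),  # unsolicited
    ]
    return [f.decide(p) for p in pkts]


def scan_demo() -> Verdict:
    """A host that probes SCAN_THRESHOLD refused ports is then refused even an enabled service."""
    f = Filter()
    scanner = "198.51.100.66"
    for port in range(1, SCAN_THRESHOLD + 1):
        f.decide(Packet("ext", "tcp", scanner, "192.0.2.10", 30000, port, frozenset({"SYN"})))
    return f.decide(Packet("ext", "tcp", scanner, "192.0.2.10", 30001, 80, frozenset({"SYN"})))


if __name__ == "__main__":
    for verdict in run_demo():
        print(verdict)
    print(scan_demo())
```

The point the example makes concrete is the one the post argues: only the first line of the feature list (services not explicitly enabled) corresponds to what a SATAN-style scan of the host would exercise; the redirect, source-route, spoofing and SYN/ACK checks are all decided on packet headers a service scan never sets.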