>I was just playing with a brandy-new Sun that someone had had installed in a
>very vendor-default way by some OEM [complete with + in /etc/hosts.equiv],
>and realized that if I do NOT give it a default route, but only routes to some
>of our internal nets, that the outside world will essentially never know it's
>there. I realized that I could probably do this on several other machines
>that normally never need to talk to the outside. [And turn off routed, of
>course.] Now, the question is, is there something I'm missing here such that
>this isn't enough? I'm not addressing the concept of someone blind-barraging
>the machine with packets from the outside, of course...
I think this is only a viable strategy when you have complete control over all
systems in your network. If you have a large, rambling network, you have
to assume that any weak, accessible, system on it will give an invader a more
"trusted" status to attack other machines on the net, eventually finding
their way to the machines which you have "secured" in this fashion.
I think an important purpose of a firewall to deny access to systems on my
net which are not well-managed, either through neglect or a low level of
technical expertise. Even if I didn't care about protecting these systems,
it helps to control what I call the "friend of my brother-in-law's friend"
attack.
-------------------------------------------------------------------------------
Robert K. Stodola Phone: (215) 728-3660
Manager, Research Computing Services FAX: (215) 728-2513
The Fox Chase Cancer Center internet: RK_Stodola @
fccc .
edu
7701 Burholme Avenue +--------------------------------------------
Philadelphia, PA 19111 | "Don't ever try to teach a pig to sing: it
USA | wastes your time and it annoys the pig."
----------------------------------+--------------------------------------------
References:
-
routing..
From: hobbit @
ftp .
com (*Hobbit*)
|
|
