A. Padgett Peterson, P.E. Information Security mumbled something vague about:
>
> Alan rites:
> > Now, I have to ask myself, what are some uses of multiple IP numbers on
> >one address? I see the usefulness for servers, like FTP, Web, etc...; but how
> >about for Security and Breach detection?
>
> You recall I mentioned a "minefield", well suppose that a PC was set
> on the firewall feed and *all* unused subnet addresses in your domain
> that came from the great beyond were recognized/alarmed/logged by that one
> machine (or maybe two identical ones if you like redundancy). Need I say
> more?

A better way than explicit binding of all those IPs would be a network
monitor that just watched everything, discarded those packets related to
known-legal (and known-that-traffic-should-come-through-these-here-parts, if
there's a difference) hosts, and logged the rest. Or three PCs, if
triplicate turns you on. =)

It's probably actually easier than convincing the machine to watch all of n
addresses, for very large values of n, or very small values of machine.

Mike
References:
- Multiple addresses
  From: padgett @ tccslr . dnet . mmc . com (A. Padgett Peterson, P.E. Information Security)
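
The filtering rule described in the message above (discard anything tied to a known-legal host, log the rest), sketched as an added example that is not part of the original post. The address block, the known-legal host list, the sample packets and the names watch() and sweepers() are all constructed assumptions; the sweep summary goes one step beyond the text to show what the log is good for.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed assumptions: the site's address block and its known-legal hosts.
DOMAIN = ip_network("192.0.2.0/24")
KNOWN_LEGAL = {ip_address(a) for a in ("192.0.2.10", "192.0.2.25", "192.0.2.80")}

# Constructed sample of (source, destination) pairs seen on the firewall feed.
SAMPLE = [
    ("203.0.113.7", "192.0.2.80"),    # outside -> known-legal web server
    ("203.0.113.7", "192.0.2.200"),   # outside -> unused address
    ("203.0.113.7", "192.0.2.201"),   # outside -> unused address
    ("203.0.113.7", "192.0.2.202"),   # outside -> unused address
    ("192.0.2.10", "198.51.100.5"),   # known-legal host talking outbound
    ("198.51.100.9", "192.0.2.77"),   # outside -> unused address
    ("192.0.2.66", "198.51.100.5"),   # inside address nobody registered
]

OUTSIDE_TO_UNUSED = "outside source to unused address"

def watch(packets):
    """Drop packets related to known-legal hosts; return a log of the rest."""
    log = []
    for src, dst in packets:
        s, d = ip_address(src), ip_address(dst)
        if s in KNOWN_LEGAL or d in KNOWN_LEGAL:
            continue  # known-legal traffic: discard
        if d in DOMAIN and s not in DOMAIN:
            reason = OUTSIDE_TO_UNUSED  # the "minefield" case
        elif s in DOMAIN:
            reason = "unregistered inside host sending"
        else:
            reason = "transit traffic, neither end ours"
        log.append((src, dst, reason))
    return log

def sweepers(log, threshold=3):
    """Outside sources that touched at least `threshold` distinct unused addresses."""
    hits = defaultdict(set)
    for src, dst, reason in log:
        if reason == OUTSIDE_TO_UNUSED:
            hits[src].add(dst)
    return {src: len(dsts) for src, dsts in hits.items() if len(dsts) >= threshold}

if __name__ == "__main__":
    entries = watch(SAMPLE)
    for entry in entries:
        print(*entry, sep="  ")
    print("sweeping sources:", sweepers(entries))
```

No address has to be bound to the monitoring machine: the allow-list is the only per-host state, which is why this scales better than claiming every unused IP.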