Great Circle Associates Firewalls
(April 1995)
 


Subject: re: Appletalk resources safe behind IP router
From: padgett @ tccslr . dnet . mmc . com (A. Padgett Peterson, P.E. Information Security)
Date: Tue, 25 Apr 95 08:46:18 -0400
To: "firewalls @ greatcircle . com"@UVS1.dnet.mmc.com

>Have an internal net with a mixture of Appletalk only and TCP/IP only
>machines, with an Ascend P50 router to the Internet which is set to IP
>traffic only.

Well, this will prevent a direct attack; however, if an internal system can
be compromised using TCP, it could be used to access the Appletalk on the
same twisted pair. One simple example would be the case of a PC accessible
via telnetd and having FTP capability - connect to the PC, upload Farallon's
Timbuktu for the PC & execute - instant Appletalk connectivity.

A "sniffer" attack is even easier. Pick almost any machine and such a two-
stage attack will work. If A has access to B and B has access to C then 
A has access to C.

This is why it is dangerous to say "this cannot cross the 'wall so it is 
safe" if something else can.
					Warmly,
						Padgett
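
Added example, not part of the original message: a small reachability audit that applies the "A reaches B, B reaches C" argument to a network behind an IP-only router. The host names and topology are constructed, and it assumes the worst case that any host an outsider can talk to may be turned into a relay.

```python
from collections import deque

# Constructed sample network (hypothetical host names, not from the original post).
# Assumption: all internal hosts share one segment; each host lists protocols it speaks.
HOSTS = {
    "internet":    {"ip"},
    "pc":          {"ip", "appletalk"},   # dual-stack PC reachable over TCP
    "unix-box":    {"ip"},
    "mac-files":   {"appletalk"},         # AppleTalk-only file server
    "laserwriter": {"appletalk"},
}
INTERNAL = {"pc", "unix-box", "mac-files", "laserwriter"}
ROUTER_PASSES = {"ip"}                    # the border router forwards IP only


def direct_links(hosts, internal, router_passes):
    """Yield (src, dst, proto) for every single-hop conversation the network allows."""
    for a, pa in hosts.items():
        for b, pb in hosts.items():
            if a == b:
                continue
            crosses_router = (a in internal) != (b in internal)
            for proto in sorted(pa & pb):
                if crosses_router and proto not in router_passes:
                    continue              # filtered at the router
                yield a, b, proto


def reachable(start, hosts, internal, router_passes):
    """Breadth-first search; returns {host: [(hop, proto), ...]} from start."""
    adj = {}
    for a, b, proto in direct_links(hosts, internal, router_passes):
        adj.setdefault(a, []).append((b, proto))
    paths = {start: []}
    queue = deque([start])
    while queue:
        cur = queue.popleft()
        for nxt, proto in sorted(adj.get(cur, [])):
            if nxt not in paths:
                paths[nxt] = paths[cur] + [(nxt, proto)]
                queue.append(nxt)
    return paths


if __name__ == "__main__":
    for host, path in sorted(reachable("internet", HOSTS, INTERNAL, ROUTER_PASSES).items()):
        print(host, "<-", " -> ".join(f"{h}[{p}]" for h, p in path) or "(start)")
```

Removing AppleTalk from the dual-stack host (or moving it to its own segment) is what drops the AppleTalk-only machines from the result; the router rule alone does not.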
