On Wed, 13 Sep 1995, Bruno MAMER wrote:
> I'm no network expert so correct me if I'm wrong but isn't it easy to
> detect if someone on a LAN connects to Internet (or a WAN) through a modem
> connection ? Won't there be on the lan some unusual trafic (I mean there
> addresses coming from outside the lan) which should be detected if a
> correct monitoring is done ?
>
Not if the PC acts as a proxy, which is true not only of compromised PCs,
but also of protocol encapsulation, a la' win95, wfw, etc., where the
packets destined for the intruder are not IP packets. This is the
most likely form of attack, given that actually putting IP trafic on the
network via routing necessitates the comprmise of routers beyond the
initial subnet, if that subnet isn't between the target host and the
default routes for the network, if you are looking to target hosts
outside of the subnet that the compromised PC sits on.
Also, on large multi-protocol networks, it may be impractical to monitor
addresses based on protocol specific information.
Paul.
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
proberts @
clark .
net which may have no basis whatsoever in fact."
PSB#9280
References:
|
|
