For lack of better terminology, I have been calling both of the
following situations 'spoofing'. If there is a better industry term
for the second scenario I would like to hear it:

1. MIBH (Man in Black Hat) knows the internal workings of the network
   at company X. MIBH directly attempts to use an internal trusted IP
   address from an untrusted attached network.
2. MIBH believes that company X is properly firewalled and that spoof
   type 1 will not work. MIBH knows that company X has strong ties with
   company Y. MIBH attempts to use the company Y IP address to gain
   trusted access to application proxies on the firewall.

I realize that there are proper methods for protecting from both
attacks; I am just curious about naming conventions. Spoof type two
is still the attempt to use a trusted IP address to access restricted
services.

Dan Salenger
Deloitte & Touche LLP
dsalenger @ dttus . com