Great Circle Associates Firewalls
(June 1996)

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Spoofing - what is in a name
From: "Daniel Salenger" <dsalenger @ dttus . com>
Date: Tue, 25 Jun 96 10:44:29 CST
To: firewalls @ GreatCircle . com

     For lack of better terminology, I have been calling both of the 
     following situations 'spoofing'.  If there is a better industry term 
     for the second scenario I would like to hear it:
     1. MIBH (Man in Black Hat) knows the internal workings of the network 
     at company X.  MIBH directly attempts to use an internal trusted IP 
     address from an untrusted attached network.
     2. MIBH believes that company X is properly firewalled and that spoof 
     type 1 will not work.  MIBH knows that company X has strong ties with 
     company Y.  MIBH attempts to use the company Y IP address to gain 
     trusted access to application proxies on the firewall.
     I realize that there are proper methods for protecting from both 
     attacks, I am just curious about naming conventions.  Spoof type two 
     is still the attempt to use a trusted IP address to access restricted 
     Dan Salenger
     Deloitte & Touche LLP
     dsalenger @
 dttus .

Indexed By Date Previous: Re: A response from CSI
From: Julian Assange <proff @ suburbia . net>
Next: Re: LACC: A response from CSI
From: Richard Stiennon <richards @ netrex . com>
Indexed By Thread Previous: Re: Checkpoint FTP Problem
From: Barbara Jaarsma <barbara @ us . checkpoint . com>
Next: Re: Spoofing - what is in a name
From: "Kenneth J. Stephens" <Kenneth_Stephens @ miconsulting . com>

Search Internet Search