At 10:44 AM 6/25/96 CST, you wrote:
> For lack of better terminology, I have been calling both of the
> following situations 'spoofing'. If there is a better industry term
> for the second scenario I would like to hear it:
>
> 1. MIBH (Man in Black Hat) knows the internal workings of the network
> at company X. MIBH directly attempts to use an internal trusted IP
> address from an untrusted attached network.
>
> 2. MIBH believes that company X is properly firewalled and that spoof
> type 1 will not work. MIBH knows that company X has strong ties with
> company Y. MIBH attempts to use the company Y IP address to gain
> trusted access to application proxies on the firewall.
>
>
> I realize that there are proper methods for protecting from both
> attacks, I am just curious about naming conventions. Spoof type two
> is still the attempt to use a trusted IP address to access restricted
> services.
>
>
> Dan Salenger
> Deloitte & Touche LLP
> dsalenger @ dttus . com
>
>
I assume from your description that in Case 1, no firewall is present
to protect the "trusted" network from the untrusted attached network.
In Case 1 you are attempting to spoof the network directly. In Case 2
you are trying to spoof the network through a firewall. I see very little
difference between the two. Why would you think they should be known by
two separate terms? Maybe I missed your point?
Ken
[][][][][][][][][][][][][][][][][][][][][][][][][][][]
[] Ken_Stephens @ miconsulting . com (313) 876-5081 []
[] Senior Capacity Planner/Data Security Officer []
[] Michigan Employment Security Commission (MESC) []
[] Millennium Consulting []
[] []
[] Your Security Policy is only as strong as your []
[] organization's commitment to it. []
[][][][][][][][][][][][][][][][][][][][][][][][][][][]