Great Circle Associates Firewalls
(June 1996)

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Re: Spoofing - what is in a name
From: "Kenneth J. Stephens" <Kenneth_Stephens @ miconsulting . com>
Date: Tue, 25 Jun 1996 15:36:08 -0400 (EDT)
To: "Daniel Salenger" <dsalenger @ dttus . com>
Cc: firewalls @ GreatCircle . COM

At 10:44 AM 6/25/96 CST, you wrote:
>     For lack of better terminology, I have been calling both of the 
>     following situations 'spoofing'.  If there is a better industry term 
>     for the second scenario I would like to hear it:
>     1. MIBH (Man in Black Hat) knows the internal workings of the network 
>     at company X.  MIBH directly attempts to use an internal trusted IP 
>     address from an untrusted attached network.
>     2. MIBH believes that company X is properly firewalled and that spoof 
>     type 1 will not work.  MIBH knows that company X has strong ties with 
>     company Y.  MIBH attempts to use the company Y IP address to gain 
>     trusted access to application proxies on the firewall.
>     I realize that there are proper methods for protecting from both 
>     attacks, I am just curious about naming conventions.  Spoof type two 
>     is still the attempt to use a trusted IP address to access restricted 
>     services.
>     Dan Salenger
>     Deloitte & Touche LLP
>     dsalenger @
 dttus .

I assume from your description that in Case 1, no firewall is present
to protect the "trusted" network from the untrusted attached network. 
In Case 1 you are attempting to spoof the network directly.  In Case 2
you are trying to spoof the network through a firewall.  I see very little
difference between the two.  Why would you think they should be known by 
two seperate terms.  Maybe I missed your point?



[]  Ken_Stephens @
 miconsulting .
 com    (313) 876-5081   []
[]  Senior Capacity Planner/Data Security Officer     []
[]  Michigan Employment Security Commission (MESC)    []
[]  Millennium Consulting                             []
[]                                                    []
[]  Your Security Policy is only as strong as your    []
[]  organization's commitment to it.                  []

Indexed By Date Previous: Re: LACC: A response from CSI
From: Ian Johnstone-Bryden <ianj-b @ dial . pipex . com>
Next: Re: SOCKS protocol.
From: "Mark J. Smith" <Mark_J . _Smith @ usairln . usair . com>
Indexed By Thread Previous: Spoofing - what is in a name
From: "Daniel Salenger" <dsalenger @ dttus . com>
Next: Re: Spoofing - what is in a name
From: Bob Bowes <rebowes @ iwdc1 . office . rest . tasc . com>

Search Internet Search