Firewalls: Re: [Fwd: Internal modems ?]

Firewalls
(January 1997)

Indexed By Thread: [Previous] [Next]

Subject:	Re: [Fwd: Internal modems ?]
From:	Adam Shostack <adam @ homeport . org>
Date:	Thu, 30 Jan 1997 14:08:26 -0500 (EST)
To:	plarkin @ iphase . com (Patrick Larkin Jr)
Cc:	firewalls @ GreatCircle . COM
In-reply-to:	<32EFC6B0 . 41C67EA6 @ iphase . com> from Patrick Larkin Jr at "Jan 29, 97 03:52:48 pm"

Patrick Larkin Jr wrote:

| >    Maybe this subject has been dealt with to the point of sickness, but...
| >    One of my customers is looking for a _systematic_ way (well, as near as
| > possible, as usual) to detect if any internal user, on his network, may have
| > some modem attached to his computer (W95, OS/2 or Unix). I just told him that
| > this seemed dubious at most, but customers are customers.
| >    So, what is your opinion ?

	Not yet mentioned was that dialup IP connections often send
out telltale messages; I've seen ICMP redirects for IP space that
should not have been reachable when someone dialed to their ISP.

	Its not reliably there, but is something to look for.

Adam



-- 
Pet peeve of the day: Security companies whose protocols dare not
speak their name. Guilty company of the day is Security Dynamics.

References:

[Fwd: Internal modems ?]
From: Patrick Larkin Jr <plarkin @ iphase . com>

Indexed By Date	Previous:	Re: smap, smtpd, qmail, sendmail, etc. From: M Lyons <lyonsm @ netbistro . com>
Indexed By Date	Next:	RE: Secure Telneting into a internal network From: "Derrick 'Red 5' Cole" <derrick . cole @ ssds . com>
Indexed By Thread	Previous:	[Fwd: Internal modems ?] From: Patrick Larkin Jr <plarkin @ iphase . com>
Indexed By Thread	Next:	Re: [Fwd: Internal modems ?] From: "Patrick O'Callaghan" <poc @ usb . ve>