Great Circle Associates Firewalls
(November 1997) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: Re: Hijak detection
From: Frank Willoughby <frankw @ in . net>
Date: Wed, 05 Nov 1997 02:21:56 -0500
To: anarch @ freedom . gmsociety . org
Cc: doy @ indo-mail . com (Doy), firewalls @ greatcircle . com
In-reply-to: <199711041608 . LAA17744 @ freedom . gmsociety . org>
References: <345F3229 . 1AAE @ indo-mail . com> 
At 11:08 AM 11/4/97 -0500, Brad wrote:
>Check out Wheelgroup's NetRanger Intrusion Detection product and upcoming
NetSonar vulnerability scanner.
>Handles hijacking and much more, also works at fast ethernet and fddi speeds.
>
>Wrath

Perhaps I'm missing something.  Why would Wheelgroup's NetRanger product be
able 
to stop session hijacking?  Any hacker who is worth their salt will be able
to 
roll their own custom packets to be exactly what the firewall would expect
the 
packets to be (including source/destination info, sequence numbers, etc.)
The 
only defense against session hijacking that I'm aware of is to encrypt from 
point-to-point.  

Best Regards,


Frank
The opinions of the author of this mail may not necessarily be 
representative of the opinions of Fortifed Networks, Inc.

Fortified Networks, Inc. - http://www.fortified.com/
Expert (vendor-neutral) Computer and Network Security Consulting
Phone: (317) 573-0800     Fax: (317) 573-0817
Follow-Ups:
References:
Indexed By Date Previous: why use a smtp proxy
From: "Jan Zeilinga" <j . zeilinga @ abm . com . au>
Next: Re: why use a smtp proxy
From: Stepken <stepken @ edina . xnc . com>
Indexed By Thread Previous: Re: Hijak detection
From: Brad <brad @ freedom . gmsociety . org>
Next: Re: Hijak detection
From: Adam Shostack <adam @ homeport . org>
Google
 
Search Internet Search www.greatcircle.com