Enough to give you goosebumps
From: Torbenth


Date: 09-06-01 00:14

Lifted from WOL's general discussion about firewalls.
Take a look at http://grc.com/dos/grcdos.htm ; it is long, but almost at the bottom
there is good news for those of us who use Zonealarm 2.6

Regards,
Torben


 
 
Alex Holst (09-06-2001)
Comment
From: Alex Holst


Date: 09-06-01 00:38

Torbenth <torbenth@it.dk> wrote:
> Lifted from WOL's general discussion about firewalls.
> Take a look at http://grc.com/dos/grcdos.htm ; it is long, but almost at the bottom
> there is good news for those of us who use Zonealarm 2.6

Steve understands next to nothing, and an unbelievable number of people call him a
guru -- even SANS. He writes:

"It is impossible for an application running under any version of Windows
3.x/95/98/ME or NT to "spoof" its source IP or generate malicious TCP
packets such as SYN or ACK floods."

As atstake.com correctly wrote recently:

===
Raw Sockets are not a Security Risk
contributed by Chris Wysopal (Jun 5, 2001 4:43 pm EST)

The New York Times has an article about Steve Gibson's unfounded and hyped
concern about Windows XP containing raw socket functionality.

The "powerful Internet-connection capabilities" which is hyped in this
article is merely the ability to write raw IP packets. This is where an
application program controls every field in the IP packet. This
functionality is required if you were writing your own network bridge
program for Windows or other low level network applications. An IDS for
NT that resets connections would need this functionality. AntiSniff,
which detects sniffers on a network, requires this functionality.

This capability, which this article states is so dangerous to the internet,
is already available practically everywhere. It is available in every
commercial and open source unix distribution and is already available for
all Windows platforms (not just Windows XP) through the use of free add on
libraries such as winpcap and libnetNT.

The hype and hyperbole is astounding. From reading this article you'd think
a deluge of DDoS attacks was building up just waiting to be released once
Microsoft releases the all powerful new API. Nothing could be further from
the truth. When XP arrives it will receive a collective yawn from DDoS
attackers who would much rather have their win32 DDoS clients run on
every version of windows using the already available add on libraries.

Once an attacker has administrative control of a machine they can run any
code they want, whether it is native or in an uploaded executable. There is
absolutely nothing stopping an attacker from spoofing IP addresses from a
Windows machine today or tomorrow.
===

--
I prefer the dark of the night, after midnight and before four-thirty,
when it's more bare, more hollow. http://a.area51.dk/


Jesper Dybdal (12-06-2001)
Comment
From: Jesper Dybdal


Date: 12-06-01 21:47

a@area51.dk (Alex Holst) wrote:

>Once an attacker has administrative control of a machine they can run any
>code they want, whether it is native or in an uploaded executable. There is
>absolutely nothing stopping an attacker from spoofing IP addresses from a
>Windows machine today or tomorrow.

Exactly.

The only sensible solution to spoofing problems is for (all)
ISPs to have filters that prevent their customers from spoofing.

I have no idea how realistic it is to expect that, but
security that is based on the assumption that a machine under a
villain's full control would not be able to send a spoofed packet is
certainly not the answer.

--
Jesper Dybdal, Denmark.
http://www.dybdal.dk (in Danish).

Jesper Louis Anderse~ (13-06-2001)
Comment
From: Jesper Louis Anderse~


Date: 13-06-01 14:51

On Tue, 12 Jun 2001 22:47:13 +0200, Jesper Dybdal <jdunet@u5.dybdal.dk> wrote:
> a@area51.dk (Alex Holst) wrote:

> Exactly.
>
> The only sensible solution to spoofing problems is for (all)
> ISPs to have filters that prevent their customers from spoofing.

It's called egress filtering. And it is in use in some places. The Linux
firewall system has a flag that can enable it.

--
Jesper

Can you understand women with a Babel fish?? - JL

Kent Friis (13-06-2001)
Comment
From: Kent Friis


Date: 13-06-01 17:30

On Wed, 13 Jun 2001 13:50:56 +0000 (UTC), Jesper Louis Andersen wrote:
>On Tue, 12 Jun 2001 22:47:13 +0200, Jesper Dybdal <jdunet@u5.dybdal.dk> wrote:
>> a@area51.dk (Alex Holst) wrote:
>
>> Exactly.
>>
>> The only sensible solution to spoofing problems is for (all)
>> ISPs to have filters that prevent their customers from spoofing.
>
>It's called egress filtering. And it is in use in some places. The Linux
>firewall system has a flag that can enable it.

As far as I remember, a firewall doesn't even need to be configured/enabled on the
machine, although it is often used in the same context.

By the way, can anyone explain to me the difference between ingress and
egress (preferably in relation to rp_filter)?

Regards
Kent
--
http://www.celebrityshine.com/~kfr/

Alex Holst (13-06-2001)
Comment
From: Alex Holst


Date: 13-06-01 18:38

Kent Friis <kfr@fleggaard.dk> wrote:
> By the way, can anyone explain to me the difference between ingress and
> egress (preferably in relation to rp_filter)?

Direction.


--
I prefer the dark of the night, after midnight and before four-thirty,
when it's more bare, more hollow. http://a.area51.dk/
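
An added example, not part of the original thread: a simplified Python model of the source-address check that the posts above call egress filtering and relate to rp_filter. The routing table, interface names and addresses are constructed for illustration; the mode numbers follow the Linux rp_filter sysctl values (0 off, 1 strict, 2 loose).

```python
import ipaddress

# Constructed routing table of an ISP edge router (documentation prefixes).
# eth1 faces one customer; eth0 is the uplink carrying the default route.
ROUTES = [
    ("0.0.0.0/0", "eth0"),
    ("198.51.100.0/24", "eth1"),
]


def best_route(src, routes=ROUTES):
    """Longest-prefix match: the interface used to send traffic back to src."""
    addr = ipaddress.ip_address(src)
    matches = [(ipaddress.ip_network(prefix), iface)
               for prefix, iface in routes
               if addr in ipaddress.ip_network(prefix)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def rp_check(src, in_iface, mode, routes=ROUTES):
    """Return True if a packet with source src arriving on in_iface passes.

    Applied on eth1 this one check is "ingress" filtering seen from the ISP
    and "egress" filtering seen from the customer: only the direction differs.
    """
    if mode == 0:                    # no source validation
        return True
    out_iface = best_route(src, routes)
    if out_iface is None:            # no route back to the claimed source
        return False
    if mode == 1:                    # strict: reverse path must be in_iface
        return out_iface == in_iface
    if mode == 2:                    # loose: any route to the source will do
        return True
    raise ValueError("mode must be 0, 1 or 2")


if __name__ == "__main__":
    # Constructed packets: (claimed source address, arrival interface).
    packets = [("198.51.100.25", "eth1"),   # customer using its own address
               ("203.0.113.7", "eth1"),     # customer claiming a foreign address
               ("198.51.100.25", "eth0")]   # uplink claiming a customer address
    for src, iface in packets:
        print(src, iface, "strict:", rp_check(src, iface, 1),
              "loose:", rp_check(src, iface, 2))
```

In strict mode the foreign source arriving on eth1 is dropped, while loose mode lets it through because the default route makes every source reachable.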

