From owner-freebsd-security Sat Apr 7 15:44:43 2001
Delivered-To: freebsd-security@freebsd.org
Received: from cpimssmtpoa03.msn.com (cpimssmtpoa03.msn.com [207.46.181.113]) by hub.freebsd.org (Postfix) with ESMTP id 827A737B422 for ; Sat, 7 Apr 2001 15:44:40 -0700 (PDT) (envelope-from JHowie@msn.com)
Received: from cpimssmtpu13.email.msn.com ([207.46.181.88]) by cpimssmtpoa03.msn.com with Microsoft SMTPSVC(5.0.2195.3225); Sat, 7 Apr 2001 15:44:39 -0700
Received: from x86w2kw1 ([216.103.48.12]) by cpimssmtpu13.email.msn.com with Microsoft SMTPSVC(5.0.2195.3225); Sat, 7 Apr 2001 15:44:39 -0700
Message-ID: <05aa01c0bfb4$ec3a0de0$0101a8c0@development.local>
From: "John Howie"
To: "Jacques A. Vidrine"
Cc: "Crist Clark" , ,
References: <200104071610.RAA18117@mailgate.kechara.net> <3ACF83FA.55761A7B@globalstar.com> <20010407162552.D87286@hamlet.nectar.com> <058701c0bfad$265e8530$0101a8c0@development.local> <20010407173910.B69155@spawn.nectar.com>
Subject: Re: Theory Question
Date: Sat, 7 Apr 2001 15:48:53 -0700
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
X-OriginalArrivalTime: 07 Apr 2001 22:44:39.0658 (UTC) FILETIME=[545A0CA0:01C0BFB4]
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

----- Original Message -----
From: "Jacques A. Vidrine"
To: "John Howie"
Cc: "Crist Clark" ; ;
Sent: Saturday, April 07, 2001 3:39 PM
Subject: Re: Theory Question

> On Sat, Apr 07, 2001 at 02:53:11PM -0700, John Howie wrote:
> > In practice a machine with no IP address that just receives packets is not
> > likely to be vulnerable. Crist's scenario is not a probable one (as he,
> > himself, acknowledges).
>
> Such exploits have been seen in the past, e.g. the tcpdump buffer
> overrun. I guess the assumption is that your opponent is more
> sophisticated than a script kiddie, and wants something in your
> network.
>

Agreed!
And the hacker would also need to have intimate knowledge of your network configuration to be able to supply the correct parameters to ifconfig in the scenario that Crist outlined.

One item that was missing from the original design was an exterior DMZ firewall (or perhaps I just missed that component) running NAT. Key to securing the infrastructure is making it as difficult as possible for a hacker to determine DMZ and production network topologies and machine addresses.

Regards,

john...
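The point Jacques makes above, that a host with no IP address which only receives packets can still be exploited through a bug in whatever decodes those packets, is easiest to see in code. The following is an added example, not from this thread and not the historical tcpdump bug: it uses a constructed type/length/value record format of my own and a toy stack-buffer decoder. `decode_naive` trusts the attacker-controlled length byte; `decode_safe` bounds the copy by the buffer size and by the bytes actually left in the packet. The packet contents are constructed sample input.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>
#include <stddef.h>

/* Constructed record format for illustration only (not a real protocol and
 * not the actual tcpdump bug): one byte type, one byte length, then
 * 'length' bytes of value, repeated until the packet ends. */
#define VALUE_MAX 64

enum { DECODE_OK = 0, DECODE_TRUNCATED = -1, DECODE_TOO_LONG = -2 };

/* Naive decoder: copies the attacker-supplied number of bytes into a fixed
 * 64-byte stack buffer. A packet carrying a length byte above VALUE_MAX
 * overflows 'value' even though this host never sent or answered anything.
 * Only ever called on benign input here, since the overflow is undefined
 * behaviour. */
int decode_naive(const uint8_t *pkt, size_t pktlen, unsigned *records, uint8_t *xorsum)
{
    uint8_t value[VALUE_MAX];
    size_t off = 0;
    *records = 0;
    *xorsum = 0;
    while (off + 2 <= pktlen) {
        uint8_t len = pkt[off + 1];
        memcpy(value, pkt + off + 2, len);     /* no bound check: overflow */
        for (size_t i = 0; i < len; i++)
            *xorsum ^= value[i];
        off += 2 + len;
        (*records)++;
    }
    return DECODE_OK;
}

/* Hardened decoder: the copy length is checked against the destination
 * buffer (stack overflow) and against the bytes remaining in the packet
 * (over-read past the capture buffer). Bad packets are rejected, not parsed. */
int decode_safe(const uint8_t *pkt, size_t pktlen, unsigned *records, uint8_t *xorsum)
{
    uint8_t value[VALUE_MAX];
    size_t off = 0;
    *records = 0;
    *xorsum = 0;
    while (off + 2 <= pktlen) {
        uint8_t len = pkt[off + 1];
        if (len > VALUE_MAX)
            return DECODE_TOO_LONG;            /* would overflow 'value' */
        if (len > pktlen - off - 2)
            return DECODE_TRUNCATED;           /* would read past the packet */
        memcpy(value, pkt + off + 2, len);
        for (size_t i = 0; i < len; i++)
            *xorsum ^= value[i];
        off += 2 + len;
        (*records)++;
    }
    if (off != pktlen)
        return DECODE_TRUNCATED;               /* dangling partial header */
    return DECODE_OK;
}

/* Constructed sample input: two well-formed records ("abc" and "x"). */
static const uint8_t benign_pkt[] = { 0x01, 0x03, 'a', 'b', 'c', 0x02, 0x01, 'x' };

/* Constructed sample input: length claims 10 bytes but only 3 follow. */
static const uint8_t truncated_pkt[] = { 0x01, 0x0A, 'a', 'b', 'c' };

/* Constructed hostile input: a length byte of 0xFF followed by 255 filler
 * bytes, so the naive decoder would copy 255 bytes into a 64-byte buffer. */
const uint8_t *hostile_packet(size_t *len)
{
    static uint8_t buf[2 + 0xFF];
    buf[0] = 0x01;
    buf[1] = 0xFF;
    memset(buf + 2, 'A', 0xFF);
    *len = sizeof buf;
    return buf;
}

int main(void)
{
    unsigned n; uint8_t x; size_t hlen;
    const uint8_t *h = hostile_packet(&hlen);
    printf("benign/naive:   rc=%d records=%u\n", decode_naive(benign_pkt, sizeof benign_pkt, &n, &x), n);
    printf("benign/safe:    rc=%d records=%u\n", decode_safe(benign_pkt, sizeof benign_pkt, &n, &x), n);
    printf("hostile/safe:   rc=%d\n", decode_safe(h, hlen, &n, &x));
    printf("truncated/safe: rc=%d\n", decode_safe(truncated_pkt, sizeof truncated_pkt, &n, &x));
    return 0;
}
```

The hostile packet needs no reply from the sniffer and no knowledge of its (non-existent) address: it only has to be on the wire the sniffer is watching. That is the class of attack the tcpdump overrun represents, and it is why a passive sensor still needs its decoders audited and, ideally, run unprivileged.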