[ale] little bit of security advice needed

Cade Thacker linux at cade.org
Tue Jul 9 09:47:14 EDT 2002


1) Thanks a ton to everybody who helped me out!! And Jim, I wish I could
say that I was smart enough to turn off ICMP, but I think it comes this
way ;)

2) I recently upgraded the firmware on this guy and I tried the 'ls -l'
from work and it seemed to work fine. You may just need to upgrade.
Eventually I would like to replace him with a Linux box, but I just don't
have the cash right now to scrape together another box (plus a little thing
called a wife ;)

Once again, thanks, and you guys/gals rule!

--cade

On Linux vs Windows
==================
Remember, amateurs built the Ark, Professionals built the Titanic!
==================



On Mon, 8 Jul 2002, Transam wrote:

> > Date: Mon, 08 Jul 2002 10:19:30 -0400
> > From: Dow Hurst <dhurst at kennesaw.edu>
> > To: Jim Popovitch <jimpop at rocketship.com>, ale at ale.org
> > References: <FMELKIGJMCKDEONBJEDGMENNDIAA.jimpop at rocketship.com>
> > Subject: Re: [ale] little bit of security advice needed
>
> > Is it possible to break thru the Linksys router with spoofed source
> > packets from an external source?  Has anyone tried this?  I was talking
> > with a guy who explained to me that an IPchains masquerading firewall I
> > had installed at an academic lab could be hacked by sending a spoofed
> > source packet containing an internal address of the masqueraded LAN.  I
> > probably didn't have a rule in place to deny such coming in on the
> > external interface, but don't have the rules to look at to check.  He
> > rebuilt the box as a custom iptables bridge with static IPs issued from
> > the institution this was at.  I am happy for my friend who owns this lab
> > since it sounds like this new admin is helping secure the lab properly.
>
> A quick look at the LinkSys Download site for their cable modem/router
> has a claim that they will block spoofed addresses.  However, M$ also
> claims that their software is secure.  I recommend against trusting it
> unless it provides documentation detailing what type of spoofing it blocks
> and how and/or testing it.  MANY firewall and VPN vendors publish misleading
> and sometimes outright untrue claims.  (I've seen no evidence of LinkSys
> doing this.)
>
> > But, I was puzzled since I thought I had set things up correctly.  I
> > depend on a Linksys router at home until I get a Linux firewall in
> > place.  I really want to get that done since the Linksys router seems to
> > get confused quickly and lock up my external to internal SSH
> > connections.  Don't ever "ls -l" in an SSH session from outside being
> > forwarded inside or you'll lose the session.
>
> If it gets confused, that is suggestive of software bugs.  Buggy code
> usually cannot be considered secure.
>
> I *know* the capabilities and limitations of IP Tables and IP Chains because
> I've audited the source code!
>
> > Dow
>
> > Jim Popovitch wrote:
>
> > >Hi Cade,
> ...
>
> > "In theory" if the inside LAN is 192.168.0.0/255.255.0.0, spoofing
> > packets from the outside will fail to get to the linksys router. This
> > assumes that the ISP has properly configured routers to disallow
> > unroutable packets in Internet space.
>
> VERY FEW ISPs filter out such bogus addresses.  Nmap has the capability
> of generating such bogus source addresses to demonstrate this easily.
>
> > That said, many organizations DON'T have routers set up properly so a
> > rule in iptables like:
>
> > /sbin/iptables -A INPUT -i $outside_interface -s $inside_network -j DROP
>
> > will block the spoof.
>
> EVERYONE should have such rules in their Firewalls.  All of mine do.
>
> > On Mon, 2002-07-08 at 10:19, Dow Hurst wrote:
> > ...
> > --
> > James P. Kinney III   \Changing the mobile computing world/
> > President and CEO      \          one Linux user         /
> > Local Net Solutions,LLC \           at a time.          /
> > 770-493-8244             \.___________________________./
>
> Bob Toxen
> transam at cavu.com                       [Bob's ALE Bulk email]
> bob at verysecurelinux.com                [Please use for email to me]
> http://www.verysecurelinux.com         [Network&Linux/Unix security consulting]
> http://www.realworldlinuxsecurity.com/ [My 5* book:"Real World Linux Security"]
> http://www.cavu.com/sunset.html        [Sunset Computer]
> Fly-By-Day Consulting, Inc.      "Don't go with a fly-by-night outfit!"
> Quality Linux & UNIX security and SysAdmin & software consulting since 1990.
>
> ---
> This message has been sent through the ALE general discussion list.
> See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
> sent to listmaster at ale dot org.
>
>
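
Added example, not part of the original thread or any poster's code: a small audit of `iptables -S` output that reports whether a chain drops packets arriving on the outside interface with an inside-network source address (the rule quoted in the thread), and whether an earlier ACCEPT could match first. The helper names, the eth0 interface name and the sample rulesets are assumptions constructed for illustration.

```python
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")

def _parse(tokens):
    """Return the rule's -i/-s/-j values and whether it has any other match."""
    opts, extra, i = {}, False, 0
    while i < len(tokens):
        if tokens[i] in ("-i", "-s", "-j") and i + 1 < len(tokens):
            opts[tokens[i]] = tokens[i + 1]
            i += 2
        else:  # "!", -p, -m state, --dport ...: the rule matches only some packets
            extra = True
            i += 1
    return opts, extra

def spoof_rule_status(ruleset, ext_if, inside_net, chain="INPUT"):
    """Classify one chain of `iptables -S` output (hypothetical helper).

    'protected': an unconditional DROP/REJECT covers inside_net on ext_if
                 before any ACCEPT could match such a packet.
    'shadowed':  an earlier ACCEPT may pass it first (conservative: negated
                 and partial matches count as possible matches; review by hand).
    'missing':   no rule on ext_if drops inside_net sources.
    """
    inside = ipaddress.ip_network(inside_net, strict=False)
    for line in ruleset.splitlines():
        tokens = line.split()
        if tokens[:2] != ["-A", chain]:
            continue
        opts, extra = _parse(tokens[2:])
        if opts.get("-i", ext_if) != ext_if:
            continue  # bound to a different interface
        src = ipaddress.ip_network(opts["-s"], strict=False) if "-s" in opts else ANY
        target = opts.get("-j")
        if target in ("DROP", "REJECT") and not extra and inside.subnet_of(src):
            return "protected"
        if target == "ACCEPT" and src.overlaps(inside):
            return "shadowed"
    return "missing"

# Constructed sample rulesets; eth0 as the outside interface is an assumption.
GOOD = """-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.168.0.0/255.255.0.0 -i eth0 -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT"""
LATE = """-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.168.0.0/16 -i eth0 -j DROP"""

for name, rules in (("GOOD", GOOD), ("LATE", LATE)):
    print(name, spoof_rule_status(rules, "eth0", "192.168.0.0/16"))
```

Run it against the FORWARD chain as well (chain="FORWARD") on a masquerading box, since forwarded traffic does not traverse INPUT.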

