Kandu.dk - Til at få gåsehud over


/ Forside / Teknologi / Internet / Sikkerhed / Nyhedsindlæg

Glemt dit kodeord?

Brugernavn*

Kodeord *

Husk mig

Brugerservice

Kom godt i gang

Bliv medlem

Seneste indlæg

Find en bruger

Stil et spørgsmål

Skriv et tip

Fortæl en ven

Pointsystemet

Kontakt Kandu.dk

Emnevisning

Kategorier

Alfabetisk

Karriere

Interesser

Teknologi

Reklame

Top 10 brugere

Sikkerhed

#	Navn	Point
1	stl_s	37026
2	arlet	26827
3	miritdk	20260
4	o.v.n.	12167
5	als	8951
6	refi	8694
7	tedd	8272
8	BjarneD	7338
9	Klaudi	7257
10	molokyle	6481

Til at få gåsehud over
Fra : Torbenth

Dato : 09-06-01 00:14

Nappet fra WOL generel snak om firewalls.
Kig på http://grc.com/dos/grcdos.htm , den er lang men næsten i bunden
kommer godt nyt for os der bruger Zonealarm 2.6

Mvh.
Torben

Alex Holst (09-06-2001)

Kommentar
Fra : Alex Holst

Dato : 09-06-01 00:38

Torbenth <torbenth@it.dk> wrote:
> Nappet fra WOL generel snak om firewalls.
> Kig på http://grc.com/dos/grcdos.htm , den er lang men næsten i bunden
> kommer godt nyt for os der bruger Zonealarm 2.6

Steve fatter taet paa ingenting og utroligt mange mennesker kalder ham en
guru -- selv SANS. Han skriver:

"It is impossible for an application running under any version of Windows
3.x/95/98/ME or NT to "spoof" its source IP or generate malicious TCP
packets such as SYN or ACK floods."

Som atstake.com korrekt skrev for nyligt:

===
Raw Sockets are not a Security Risk
contributed by Chris Wysopal (Jun 5, 2001 4:43 pm EST)

The New York Times has an article about Steve Gibson's unfounded and hyped
concern about Windows XP containing raw socket functionality.

The "powerfull Internet-connection capabilities" which is hyped in this
article is merely the ability to write raw IP packets. This is where an
application program controls every field in the IP packet. This
functionality is required if you were writing your own network bridge
program for Windows or other low level network applications. An IDS for
NT that resets connections would need this functionality. AntiSniff,
which detects sniffers on a network, requires this functionality.

This capability, which this article states is so dangerous to the internet,
is already available practically everywhere. It is available in every
commercial and open source unix distribution and is already available for
all Windows platforms (not just Windows XP) through the use of free add on
libraries such as winpcap and libnetNT.

The hype and hyperbole is astounding. From reading this article you'd think
a deluge of DDoS attacks was building up just waiting to be released once
Microsoft releases the all powerful new API. Nothing could be further from
the truth. When XP arrives it will receive a collective yawn from DDoS
attackers who would much rather have their win32 DDoS clients run on
every version of windows using the already available add on libraries.

Once an attacker has administrative control of a machine they can run any
code they want, whether it is native or in an uploaded executable. There is
absolutely nothing stopping an attacker from spoofing IP addresses from a
Windows machine today or tommorrow.
===

--
I prefer the dark of the night, after midnight and before four-thirty,
when it's more bare, more hollow. http://a.area51.dk/

Jesper Dybdal (12-06-2001)

Kommentar
Fra : Jesper Dybdal

Dato : 12-06-01 21:47

a@area51.dk (Alex Holst) wrote:

>Once an attacker has administrative control of a machine they can run any
>code they want, whether it is native or in an uploaded executable. There is
>absolutely nothing stopping an attacker from spoofing IP addresses from a
>Windows machine today or tommorrow.

Netop.

Den eneste fornuftige løsning på spoofing-problemer er at (alle)
ISPer har filtre der hindrer deres kunder i at spoofe.

Jeg aner ikke hvor realistisk det er at forvente det, men
sikkerhed der er baseret på at en maskine som er under en skurks
fulde kontrol, ikke skulle kunne sende en spoofed pakke, er i
hvert fald ikke sagen.

--
Jesper Dybdal, Denmark.
http://www.dybdal.dk (in Danish).

Jesper Louis Anderse~ (13-06-2001)

Kommentar
Fra : Jesper Louis Anderse~

Dato : 13-06-01 14:51

On Tue, 12 Jun 2001 22:47:13 +0200, Jesper Dybdal <jdunet@u5.dybdal.dk> wrote:
> a@area51.dk (Alex Holst) wrote:

> Netop.
>
> Den eneste fornuftige løsning på spoofing-problemer er at (alle)
> ISPer har filtre der hindrer deres kunder i at spoofe.

Det hedder Egress filtering. Og er under anvendelse visse steder. Linux
firewall system har et flag der kan enable det.

--
Jesper

Kan man forstaa kvinder med en babelfisk?? - JL

Kent Friis (13-06-2001)

Kommentar
Fra : Kent Friis

Dato : 13-06-01 17:30

Den Wed, 13 Jun 2001 13:50:56 +0000 (UTC) skrev Jesper Louis Andersen:
>On Tue, 12 Jun 2001 22:47:13 +0200, Jesper Dybdal <jdunet@u5.dybdal.dk> wrote:
>> a@area51.dk (Alex Holst) wrote:
>
>> Netop.
>>
>> Den eneste fornuftige løsning på spoofing-problemer er at (alle)
>> ISPer har filtre der hindrer deres kunder i at spoofe.
>
>Det hedder Egress filtering. Og er under anvendelse visse steder. Linux
>firewall system har et flag der kan enable det.

Der behøver SVJH ikke engang konfigureres/enables firewall på maskinen,
selvom det ofte bruges i samme forbindelse.

Er der forresten nogen der kan forklare mig forskellen på Ingress og
Egress (gerne i forhold til rp_filter)?

Mvh
Kent
--
http://www.celebrityshine.com/~kfr/

Alex Holst (13-06-2001)

Kommentar
Fra : Alex Holst

Dato : 13-06-01 18:38

Kent Friis <kfr@fleggaard.dk> wrote:
> Er der forresten nogen der kan forklare mig forskellen på Ingress og
> Egress (gerne i forhold til rp_filter)?

Retning.

--
I prefer the dark of the night, after midnight and before four-thirty,
when it's more bare, more hollow. http://a.area51.dk/

Søg

Reklame

Statistik

Spørgsmål :	177501
Tips :	31968
Nyheder :	719565
Indlæg :	6408528
Brugere :	218887

Månedens bedste

Årets bedste

Sidste års bedste