Re: [suse-security] Is it iptables enough?
From: Ralf Ronneburger (ralf@ronneburger.de)
Date: Mon Feb 02 2004 - 19:47:41 CST
Hi John,
that's also perfectly easy unless your 2 boxes are connected directly with a
cross-over cable, but then you wouldn't need iptables ;-). The
packages have to go through some hubs, switches or routers and there are
always ways to find out who's talking to whom. As I said - it just
depends on how valuable the information transferred is and on how well
it's protected. But not to be too paranoid (although there is no such
thing as being too paranoid) - for most cases filtering by IP and
MAC address should be perfectly suited, if you're not running
bank transfers over it ;-).
Greetings,
Ralf
John wrote:
> ----- Original Message -----
> From: "-linux_lad" <john@linuxlad.org>
> To: "Geoffrey" <esoteric@3times25.net>
> Cc: <suse-security@suse.com>
> Sent: Monday, February 02, 2004 7:55 PM
> Subject: Re: [suse-security] Is it iptables enough?
>
>
>
>>On Mon, 2 Feb 2004, Geoffrey wrote:
>>
>>
>>>John wrote:
>>>
>>>>Thanks Ralf.
>>>>
>>>>Definitely, MAC spoofing is quite hard, isn't it?
>>>
>>>Depending on the hardware, it's not difficult at all. See the -H option at:
>>> http://www.scyld.com/diag/
>>>
>>>
>>MAC spoofing is quite easy to do. It can easily be accomplished even by
>>amateurs. Most low end firewalls and routers offer it as a feature to
>>circumvent PPPoE restrictions on single MAC addresses.
>>
>>
>>>>Can iptables be cracked? What vulnerabilities exist regarding iptables?
>>
>>I am not aware of any documented case of IP Tables failing. It's easy to
>>misconfigure your firewall script, however. IPTables operates at the
>>kernel level, and it's conceivable that some clever shithead could write
>>a kernel module that alters IPTables' behavior in a way that nullifies
>>its protection of your server. Remember, a rootkit gives anyone who
>>accesses it absolute power over the server to do anything they want,
>>including poisoning your detection mechanisms.
>>
>>There is no such thing as perfect security. The best you can hope for is
>>"adequate", and adequate is defined on a constantly changing sliding
>>scale. Additionally, most of the time confirmation that your security
>>policy is inadequate or insufficient comes after a break-in.
>>
>>Apply the tightest policy your users and management will allow, and
>>constantly push for tighter control of the network. You will not regret
>>it.
>>
>>--
>>-linux_lad
>>ICQ 115601915
>>pub key on request
>>
>>
>>--
>>Check the headers for your unsubscription address
>>For additional commands, e-mail: suse-security-help@suse.com
>>Security-related bug reports go to security@suse.de, not here
>>
>>
>
>
> All right, how can an attacker detect the MAC address that I permit to
> connect to my system (or even an IP address (IP spoof))?
>
> Is there any tool or technique, or something like that?
>
> Thanks in advance!
>
>
>
--
------------------------------------------------------------
Ralf Ronneburger
ralf@ronneburger.de
Prefers to receive encrypted Mail, download public-key from
http://www.ronneburger.de/gpg/ralf_ronneburger.asc
------------------------------------------------------------
" The trouble with computers is that they do what you tell
them, not what you want. " -- D. Cohen
------------------------------------------------------------
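
Added example, not part of the original thread or written by its participants: a defender-side check for the IP-plus-MAC filtering discussed above. It reads kernel log lines in the format written by the iptables LOG target and flags packets where a permitted IP or a permitted MAC shows up without its expected partner. The allowlist, addresses and log lines are constructed for illustration.

```python
import re

# Constructed allowlist: the IP/MAC pairs the firewall is meant to accept.
ALLOWED = {"192.168.1.10": "00:0c:29:aa:bb:01"}

# Constructed kernel log lines in the iptables LOG target format. The MAC=
# field is destination MAC (6 bytes), source MAC (6 bytes), EtherType (2 bytes).
SAMPLE_LOG = """\
Feb  2 19:40:01 fw kernel: IN=eth0 OUT= MAC=00:0c:29:00:00:fe:00:0c:29:aa:bb:01:08:00 SRC=192.168.1.10 DST=192.168.1.1 LEN=60 PROTO=TCP SPT=40112 DPT=22
Feb  2 19:41:13 fw kernel: IN=eth0 OUT= MAC=00:0c:29:00:00:fe:00:50:56:12:34:56:08:00 SRC=192.168.1.10 DST=192.168.1.1 LEN=60 PROTO=TCP SPT=40200 DPT=22
Feb  2 19:42:30 fw kernel: IN=eth0 OUT= MAC=00:0c:29:00:00:fe:00:0c:29:aa:bb:01:08:00 SRC=192.168.1.77 DST=192.168.1.1 LEN=60 PROTO=TCP SPT=51000 DPT=22
Feb  2 19:43:02 fw kernel: IN=lo OUT= MAC= SRC=127.0.0.1 DST=127.0.0.1 LEN=60 PROTO=TCP SPT=51000 DPT=22
"""

FIELD = re.compile(r"\b(MAC|SRC)=(\S*)")

def parse_line(line):
    """Return (src_ip, src_mac) from a LOG line, or None if either is missing."""
    fields = dict(FIELD.findall(line))
    octets = fields.get("MAC", "").lower().split(":")
    if "SRC" not in fields or len(octets) != 14:
        return None  # e.g. loopback traffic has an empty MAC= field
    return fields["SRC"], ":".join(octets[6:12])

def find_mismatches(log_text, allowed):
    """Flag packets where an allowed IP or an allowed MAC appears without its partner."""
    macs = {mac.lower(): ip for ip, mac in allowed.items()}
    findings = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, mac = parsed
        if ip in allowed and allowed[ip].lower() != mac:
            findings.append(("ip-with-unexpected-mac", ip, mac))
        elif mac in macs and macs[mac] != ip:
            findings.append(("mac-with-unexpected-ip", ip, mac))
    return findings

if __name__ == "__main__":
    for finding in find_mismatches(SAMPLE_LOG, ALLOWED):
        print(finding)
```

A sender that presents both the permitted IP and the permitted MAC looks identical to the real host in these logs, which is why the thread treats this filtering as adequate only when the data is not highly valuable.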