On Tue, 20 Apr 1999, John Haines wrote:
> In point of fact, NetWare, from an Internet security POV, is absolutely
> more secure if you run in IPX mode, because "you can't get there from
> here" - there is just no way you can launch a security or DOS attack
> across the Internet against my IPX based network.
Well, unless you don't accept the fact that most network nodes these days
are multi-protocol nodes, so if an IP-speaking node gets compromised,
they're an excellent attack vector to any other node on the same network
or routed/bridged networks connected to that network. Trojaned or
compromised PCs can be used to attack anything that device is capable of
communicating with, and IPX in and of itself isn't the most robust protocol
against DoS attacks *especially* in bridged or routed environments. It
storms and loops pretty easily, and older devices such as printer boxes
tend to DoS trivially. Also, RIP and SAP advertisement and IPX network
collisions are ripe for attacks in most cases.
"You can't get there _directly_ from here," but it's not a long road from
Win9x, NT, Linux, FreeBSD, or even DOS for that matter.
"One hop, one kill."
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
[EMAIL PROTECTED] which may have no basis whatsoever in fact."
PSB#9280
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
