At 10:49 AM 6/9/2002 -0400, Hugo wrote:
>I configured the firewall (CP 4.1) not to control IP routing, meaning when
>the firewall is dropped it is still routing the packets. The firewall protects
>hosts that have a public IP range, LAN and DMZ. Let's say the firewall service
>crashes but the machine still works and can route the packets, so my networks
>(10.0.0.0/16 and 192.168.99.0/24) are exposed.
>Question: I think that even if the fw service is down then nothing will happen
>because you cannot attack hosts with illegal IP addresses - they simply won't
>be routed back to the attacker... but maybe I'm wrong here... I would like to
>have some feedback on this.
>Thanks.
You're wrong. An attacker can source route through you (for example, they
can use 'telnet 10.0.0.1@your-firewall-ip' to route to your private network.)
Mikael Olsson's attack also works - take over a host in the DMZ and alter
its routing table, then use that as a springboard to attack the
private network.
And, to be pedantic, there's nothing "illegal" about those addresses -
they're simply set aside for private network use. There's no guarantee that
any of the routers in the path between you and your attacker has blocking
enabled for those address ranges.
-Rick
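As an added example (not part of the original message), the following shows what the two exposures Rick describes look on the wire, and the check a border filter would apply: a packet carrying an IPv4 loose source route (LSRR) option whose IP destination is the firewall's public address and whose route list ends at 10.0.0.1, and a packet sent straight at an RFC 1918 address from the Internet. The public addresses 203.0.113.5 and 198.51.100.1 are placeholders from the documentation ranges; the private addresses are the ones from the thread. Both sample headers are constructed inline, so this runs offline.

```python
"""Build and inspect IPv4 headers for the two exposures discussed above.

Added example, not code from the original thread. 203.0.113.5 (attacker)
and 198.51.100.1 (firewall public address) are assumed placeholders.
"""
import ipaddress
import struct

# IPv4 option types from RFC 791: loose / strict source and record route.
IPOPT_EOL = 0x00
IPOPT_NOP = 0x01
IPOPT_LSRR = 0x83
IPOPT_SSRR = 0x89

PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def checksum(data: bytes) -> int:
    """Standard one's-complement checksum used by the IPv4 header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_lsrr_option(route) -> bytes:
    """LSRR option: type, length, pointer (starts at 4), then 4-byte hops.
    The IP destination field holds the first hop; the last listed hop is
    the real target."""
    hops = b"".join(ipaddress.IPv4Address(h).packed for h in route)
    return bytes([IPOPT_LSRR, 3 + len(hops), 4]) + hops


def build_ipv4_header(src, dst, options=b"", proto=6, payload_len=0) -> bytes:
    options = bytes(options)
    while len(options) % 4:            # options are padded to 32 bits
        options += bytes([IPOPT_EOL])
    ihl = 5 + len(options) // 4
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s",
                                (4 << 4) | ihl, 0, ihl * 4 + payload_len,
                                0, 0x4000, 64, proto, 0,
                                ipaddress.IPv4Address(src).packed,
                                ipaddress.IPv4Address(dst).packed))
    hdr += options
    struct.pack_into("!H", hdr, 10, checksum(bytes(hdr)))
    return bytes(hdr)


def parse_ipv4_options(header: bytes):
    """Return [(type, data)] for every option in the header."""
    ihl = (header[0] & 0x0F) * 4
    opts, i, found = header[20:ihl], 0, []
    while i < len(opts):
        t = opts[i]
        if t == IPOPT_EOL:
            break
        if t == IPOPT_NOP:
            i += 1
            continue
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            raise ValueError("malformed IPv4 option")
        found.append((t, opts[i + 2:i + length]))
        i += length
    return found


def inspect_packet(header: bytes):
    """Reasons a border filter in front of the firewall host should drop
    this packet; an empty list means it passed these checks."""
    reasons = []
    src = ipaddress.IPv4Address(header[12:16])
    dst = ipaddress.IPv4Address(header[16:20])
    for t, data in parse_ipv4_options(header):
        if t in (IPOPT_LSRR, IPOPT_SSRR):
            hops = [str(ipaddress.IPv4Address(data[i:i + 4]))
                    for i in range(1, len(data), 4)]   # data[0] is the pointer
            reasons.append("source-routed via %s" % " -> ".join(hops))
            private = [h for h in hops
                       if any(ipaddress.IPv4Address(h) in n for n in PRIVATE_NETS)]
            if private:
                reasons.append("source route reaches private hop(s) %s" % ", ".join(private))
    if any(dst in n for n in PRIVATE_NETS):
        reasons.append("destination %s is RFC 1918 but arrived from outside" % dst)
    if any(src in n for n in PRIVATE_NETS):
        reasons.append("source %s is RFC 1918 (spoofed or leaked)" % src)
    return reasons


# Constructed samples: Rick's source-route case, Hugo's "illegal address"
# case, and an ordinary packet to the firewall's public address.
SAMPLE_SOURCE_ROUTED = build_ipv4_header(
    "203.0.113.5", "198.51.100.1", build_lsrr_option(["10.0.0.1"]))
SAMPLE_DIRECT_PRIVATE = build_ipv4_header("203.0.113.5", "192.168.99.10")
SAMPLE_CLEAN = build_ipv4_header("203.0.113.5", "198.51.100.1")

if __name__ == "__main__":
    for name, pkt in (("source-routed", SAMPLE_SOURCE_ROUTED),
                      ("direct-private", SAMPLE_DIRECT_PRIVATE),
                      ("clean", SAMPLE_CLEAN)):
        print(name, inspect_packet(pkt) or ["pass"])
```

The first sample is the point Rick makes: the outer destination is the firewall's own public address, so a filter that only looks at the destination field sees nothing wrong; the private target is hidden in the option. Dropping packets that carry LSRR/SSRR options at all (and, on the forwarding host itself, leaving the kernel's accept_source_route setting off) closes that path regardless of whether the firewall service is running. The second sample is the traffic Hugo assumes cannot arrive; whether it does depends entirely on upstream filtering, which is why the RFC 1918 check belongs on your own border rather than being left to someone else's routers.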
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
For Account Management (unsubscribe, get/change password, etc) Please go to:
http://lists.gnac.net/mailman/listinfo/firewalls