Thanks for the answers. My question was actually theoretical. I would
always suggest at least a basic firewall to all our clients.
What I wanted to find out was (may be something like) this:
(a) Cracker can use methods M1, M2 and M3 to crack a machine with static IP
address behind a firewall.
(b) Cracker has only access to M4 for accessing a machine with non-routable
IP address even if it is not behind a firewall.
Therefore having a non-routable IP address if safer (not necessarily fully
secure).
Atul talked about IP spoofing (any pointers to resources on the net which
talk about this?). Are there any other ways.
-Krishnan.
----- Original Message -----
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, September 27, 1999 6:41 PM
Subject: Re: [LI] Machine with private IP address on Internet (May be
offtopic?)
>My 2 cents worth on this.
>
>If your ISP assigns you a dynamic IP address, then knowing that address, I
>can attack your system. The IP addres 192.168.1.100 is typically assigned
>to the eth0 interface, whereas the dynamic address is assigned to the
>ppp0/ippp0 interface of the dialup connection. It is always advisable to
>have a firewall if you are afraid of cracker attacks (to verify this,
>connect to the internet, note the dynamic IP address, go to another
>computer - also on the net - and try to telnet to your linux machine
>using the dynamic IP address).
>
>Of course, a static IP address is known all over the world, while a
>dynamic one gets changed quite frequently, so to find out the dynamic
>address is a task on its own. In any case, it is better to have a firewall
>to block off those unwanted people trying to crash your computer.
>
>VSNL, in Bombay, assigns IP addresses in the range 202.54.*.*. It is
>possible to write code to loop over this set of IP addresses and locate
>the linux machines among these. The easiest way (I think) is to try to
>establish a TCP/IP connection to one of the well known ports and try to
>figure out what the system is from the response (eg, version numbers of
>programs on smtp, pop-3, ftp ports etc.)
>
>So, whatever the kind of internet connection you have, it is always
>better to set up a firewall. With a static IP address, it becomes almost
>mandatory. :-)
>
>Binand
--------------------------------------------------------------------
For more information on Linux in India visit http://www.linux-india.org/
The Linux India mailing list does not accept postings in HTML format.
