-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

There are all sorts of fun things that you can do to a box although it may
_seem_ secure. Really, firewalls are great and all but they're not the "see
all and end all" for network and system security.

I would suggest picking up a book, of which there are many that explain more
in depth how the OS deals with network traffic and how some of the more
commonly exploited services get manipulated into leaking information. I would
suggest one of the many books on Intrusion Detection Systems along with
something like "Hacking Exposed" or "Maximum Security". Any of these will
give you better insight. Good luck!

- -Seth McNish
[EMAIL PROTECTED]

On Wednesday 24 April 2002 11:55, you wrote:
> I would check out, http://www.monkey.org/~dugsong/fragroute/, there has
> been a lot of talk lately about fragroute bypassing snort detection.
> But it could be used against stateful firewalls as well.
>
> -Jason
>
> > -----Original Message-----
> > From: Ferry van Steen <[EMAIL PROTECTED]>
> > To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
> > Sent: 23/04/2002 11:19
> > Subject: How to get through iptables/NAT, reality and risk calculation
> >
> >
> > Hey there,
> >
> > first of all, please don't get me wrong. I don't want to know how to
> > crack a firewall, I just don't wanna think I'm secure whilst I'm not.
> >
> > The case is this, at several locations I've set up a linux box for the
> > internet traffic. These boxes are configured in such a way that they
> > don't have any open ports (or at least, not on the internet side). This is
> > accomplished by simply allowing all traffic from the local LAN but only
> > accepting traffic from the internet part of an existing connection (with
> > the iptables -m state --state ESTABLISHED,RELATED).
> >
> > Now, to me, as starting security engineer (security-guru-wannabe or
> > whatever the phrase is), this looks uncrackable to me (unless people
> > download and install trojans that connect to IRC n stuff, which is
> > allowed (at least, according to traffic rules :-))). What should I be
> > aware of? Could people for instance get data into the network by hiking
> > along on a connection somebody set up with a webserver (or any other
> > service for that matter)? The people on these locations are allowed to do
> > whatever they want, they can IRC, MSN, ICQ, HTTP, HTTPS, etc... Would it
> > be possible that the linux box gets hacked due to a TCP/IP stack bug? I'm
> > just sucking things out of my thumb here so I hope they make sense. Every
> > knowledgeable security engineer I ever spoke to says nothing is uncrackable,
> > so I'm just trying to figure out the ways they still can get it so I can
> > do things to prevent those and/or at least analyse the risk and have a
> > knowledge of the possibilities so I won't be utterly surprised somewhere
> > in the future without a clue as to where to look and how to trace it
> > back.
> >
> > I'm really sorry if this has been discussed before... The site is really
> > slow at the moment. In any case all info is welcomed (URLs, books,
> > references, user stories, experiences... whatever).
> >
> > Btw.. I'm subscribed to the list on another email addy than this one. I
> > am subscribed tho'. Replying to either this email
> > ([EMAIL PROTECTED]) or the list would be fine.
> >
> > Kind regards and TIA,
> >
> > Ferry van Steen
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8yE/b6c8IZrN8kUERAgeBAJwKdnun/6GPd+pnQ8xR8G9pbipYYgCfenvU
kDAqAcQ08qsffgYn1hb08Xs=
=exTM
-----END PGP SIGNATURE-----
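
As an added illustration (not part of the original thread and not netfilter code): a simplified Python model of the `-m state --state ESTABLISHED,RELATED` policy described in the quoted message, showing that the accept decision depends only on whether the LAN side opened the flow, never on what the packets carry. The class, field and function names are hypothetical, the addresses are constructed samples, and NAT, RELATED traffic and TCP state tracking are left out.

```python
# Simplified model of a stateful packet filter (added illustration only).
# Assumption: a flow is identified purely by its 5-tuple. Real connection
# tracking also follows TCP flags, sequence windows and timeouts.
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    iface: str            # side the packet arrives on: "lan" or "wan"
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes = b""  # carried data; the filter never looks at it


class StatefulFilter:
    def __init__(self):
        self.flows = set()  # 5-tuples of flows opened from the LAN side

    def decide(self, p: Packet) -> str:
        if p.iface == "lan":
            # Policy from the thread: all traffic from the local LAN is allowed.
            self.flows.add((p.proto, p.src, p.sport, p.dst, p.dport))
            return "ACCEPT"
        # Internet side: accept only replies to a flow the LAN opened.
        # A reply has source and destination swapped relative to the request.
        reply_of = (p.proto, p.dst, p.dport, p.src, p.sport)
        return "ACCEPT" if reply_of in self.flows else "DROP"


def demo():
    """Run constructed sample packets through the filter, in order."""
    fw = StatefulFilter()
    lan_host, web, other = "10.0.0.5", "198.51.100.7", "203.0.113.9"
    return [
        # Unsolicited inbound connection attempt: no matching flow.
        fw.decide(Packet("wan", "tcp", other, 5555, lan_host, 22)),
        # A LAN user opens a web connection: allowed and recorded.
        fw.decide(Packet("lan", "tcp", lan_host, 40000, web, 80)),
        # The server's reply is accepted whatever bytes it contains.
        fw.decide(Packet("wan", "tcp", web, 80, lan_host, 40000, b"any content")),
        # Same ports from a different host: not part of the recorded flow.
        fw.decide(Packet("wan", "tcp", other, 80, lan_host, 40000)),
    ]


if __name__ == "__main__":
    print(demo())
```

The third decision is the one that matters for risk analysis: content arriving on a connection a LAN user started is outside what this rule checks, so it has to be handled by host patching, content inspection or intrusion detection.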
