Hey Ferry,

Having MSN, IRC and the like allowed in your intranet is quite a risk. Your firewall could be easily fooled if the connection starts from the intranet, according to the setup you said you have for your particular firewall rules. I can send your intranet machine anything I want if my friend in your intranet workstation connects to me, either using a special-purpose client-server program model or probably MSN, IRC, etc.

I'm sure you want to take a look at this book: 'Linux Firewalls', Second Edition, by Robert L. Ziegler. It tells you how to solve this kind of issue, as well as many other iptables-related issues. Basically you cannot rely on the assumption that a connection initiated from the inside part of your network is 100% an intended, trustable, and secure connection.

Regards,
Christian.

TheOg wrote:
> First of all, here: http://www.kb.cert.org/vuls/id/24140
> Every system indeed has a chance of being hacked sometime. Firewalls
> advance as well as hack tools, so you should always keep up with the current
> events :-) the never-ending story... This way you can keep a level of
> security that will be sufficient to stop most attacks (implementing the
> required updates, of course).
>
> On Tue, 23 Apr 2002, Ferry van Steen wrote:
>
>> Hey there,
>>
>> first of all, please don't get me wrong. I don't want to know how to crack a
>> firewall, I just don't wanna think I'm secure whilst I'm not.
>>
>> The case is this: at several locations I've set up a linux box for the
>> internet traffic. These boxes are configured in such a way that they don't
>> have any open ports (or at least, not on the internet side). This is
>> accomplished by simply allowing all traffic from the local LAN but only
>> accepting traffic from the internet that is part of an existing connection (with
>> iptables -m state --state ESTABLISHED,RELATED).
>>
>> Now, to me, as a starting security engineer (security-guru-wannabe or whatever
>> the phrase is), this looks uncrackable (unless people download and
>> install trojans that connect to IRC n stuff, which is allowed (at least,
>> according to traffic rules :-))). What should I be aware of? Could people
>> for instance get data into the network by hiking along on a connection
>> somebody set up with a webserver (or any other service for that matter)? The
>> people on these locations are allowed to do whatever they want, they can
>> IRC, MSN, ICQ, HTTP, HTTPS, etc... Would it be possible that the linux box
>> gets hacked due to a TCP/IP stack bug? I'm just sucking things out of my
>> thumb here so I hope they make sense. Every knowledgeable security engineer
>> I ever spoke to says nothing is uncrackable, so I'm just trying to figure out
>> the ways they still can get in so I can do things to prevent those and/or
>> at least analyse the risk and have a knowledge of the possibilities so I
>> won't be utterly surprised somewhere in the future without a clue as to where
>> to look and how to trace it back.
>>
>> I'm really sorry if this has been discussed before... The site is really
>> slow at the moment. In any case all info is welcomed (URLs, books,
>> references, user stories, experiences... whatever).
>>
>> Btw.. I'm subscribed to the list on another email addy than this one. I am
>> subscribed tho'. Replying to either this email ([EMAIL PROTECTED])
>> or the list would be fine.
>>
>> Kind regards and TIA,
>>
>> Ferry van Steen
>>
>
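The ruleset Ferry describes (everything from the LAN forwarded out, only ESTABLISHED,RELATED traffic back in) placed next to an egress-filtered variant that follows Christian's point about not trusting a connection just because it started inside. This is an added example, not code from anyone in the thread; the interface names, the LAN subnet and the list of permitted outbound ports are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Prints iptables-restore rulesets for a
# LAN-to-Internet gateway; apply with e.g.:  sh gen.sh | iptables-restore
# Interfaces, LAN subnet and port list are assumptions; NAT is left out.
LAN_IF="${LAN_IF:-eth1}"                # assumed LAN-side interface
WAN_IF="${WAN_IF:-eth0}"                # assumed Internet-side interface
LAN_NET="${LAN_NET:-192.168.1.0/24}"    # constructed LAN subnet

# Ruleset as described in the thread: anything from the LAN is forwarded out,
# and only replies to those connections (ESTABLISHED,RELATED) come back in.
permissive_ruleset() {
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN_IF -s $LAN_NET -j ACCEPT
-A FORWARD -i $WAN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Egress-filtered variant: NEW connections from the LAN are limited to DNS plus
# the listed TCP ports; anything else the LAN tries to open is logged and
# dropped, so a workstation (or a trojan on it) cannot reach an outside host
# on an arbitrary port merely because the connection started inside.
egress_filtered_ruleset() {
  ports="${1:-80 443}"   # TCP services the LAN may open outbound
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN_IF -s $LAN_NET -o $WAN_IF -p udp --dport 53 -m state --state NEW -j ACCEPT
EOF
  for p in $ports; do
    echo "-A FORWARD -i $LAN_IF -s $LAN_NET -o $WAN_IF -p tcp --dport $p -m state --state NEW -j ACCEPT"
  done
  cat <<EOF
-A FORWARD -i $LAN_IF -m limit --limit 5/min -j LOG --log-prefix "EGRESS-DENY: "
-A FORWARD -i $LAN_IF -j DROP
COMMIT
EOF
}
# Number of outbound NEW-connection rules the hardened set grants the LAN.
count_egress_allows() { egress_filtered_ruleset "$1" | grep -c -- '--state NEW'; }
```

The LOG rule is what gives you the trace Ferry asked about: a LAN host trying to open, say, an IRC session to a port you did not allow shows up in the kernel log with the EGRESS-DENY prefix.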
