Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 7 Apr 2001 18:00:40 -0500
From:      "Jacques A. Vidrine" <n@nectar.com>
To:        John Howie <JHowie@msn.com>
Cc:        Crist Clark <crist.clark@globalstar.com>, lee@kechara.net, freebsd-security@FreeBSD.ORG
Subject:   Re: Theory Question
Message-ID:  <20010407180040.B87468@hamlet.nectar.com>
In-Reply-To: <05aa01c0bfb4$ec3a0de0$0101a8c0@development.local>; from JHowie@msn.com on Sat, Apr 07, 2001 at 03:48:53PM -0700
References:  <200104071610.RAA18117@mailgate.kechara.net> <3ACF83FA.55761A7B@globalstar.com> <20010407162552.D87286@hamlet.nectar.com> <058701c0bfad$265e8530$0101a8c0@development.local> <20010407173910.B69155@spawn.nectar.com> <05aa01c0bfb4$ec3a0de0$0101a8c0@development.local>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Sat, Apr 07, 2001 at 03:48:53PM -0700, John Howie wrote:
> Agreed! And the hacker would also need to have intimate knowledge of your
> network configuration to be able to supply the correct parameters to
> ifconfig in the scenario that Crist outlined. 

Well, no.  Arbitrary code is just that: arbitrary.  Arbitrary code can
determine a working  configuration for any network  interface.  And in
many cases it  will not even be necessary to  `ifconfig' the interface
to use it.

> One item that was missing from
> the original design was an exterior DMZ firewall (or perhaps I just missed
> that component) running NAT. Key to securing the infrastructure is making it
> as difficult as possible for a hacker to determine DMZ and production
> network topologies and machine addresses.

If the  `key' to your security  is obscurity of your  internal network
configuration, expect to be comprimised.  This information is not hard
to obtain  by a  determined attacker, and  technology is  probably not
even an issue.

Cheers,
-- 
Jacques Vidrine / n@nectar.com / jvidrine@verio.net / nectar@FreeBSD.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010407180040.B87468>