Security Basics
mailing list archives
an error in the NMAP docs?
From: "Michael Herz" <mherz () uwaterloo ca>
Date: Fri, 1 Apr 2005 11:05:17 -0500
Hi all,
Is there an error in the NMAP docs? The --source_port section says:
"Many naive firewall and packet filter installations make an exception in
their rule-set to allow DNS (53) or FTP-DATA (20) packets to come through
and establish a connection. Obviously this completely subverts the security
advantages of the firewall since intruders can just masquerade as FTP or
DNS by modifying their source port."
This implies that the hole in a packet-filtered machine exists if it has
allowed inbound DNS or FTP connections. I don't believe this is true. I
think the hole only exists if the machine has allowed outbound (i.e. client)
connections from the machine. For example, if the machine allowed outbound
DNS client requests to the world, using --source_port 53 would exploit the
hole.
Any comments would be appreciated.
Mike
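
The two rule shapes discussed in this message, modelled as an added example (not part of the original post and not Nmap code): a stateless inbound filter matching on destination port versus one matching on source port, next to a stateful filter that tracks outbound flows. The rule sets, addresses and packets are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    """Stateless inbound allow rule; None means 'any port'."""
    sport: Optional[int] = None
    dport: Optional[int] = None
    def matches(self, p):
        return self.sport in (None, p.sport) and self.dport in (None, p.dport)

def stateless_allows(rules, p):
    return any(r.matches(p) for r in rules)

class StatefulFilter:
    """Admits inbound packets only as replies to flows the host opened."""
    def __init__(self):
        self.flows = set()
    def outbound(self, p):
        # Remember the reply 5-tuple expected for this outbound packet.
        self.flows.add((p.proto, p.dst, p.dport, p.src, p.sport))
    def allows_inbound(self, p):
        return (p.proto, p.src, p.sport, p.dst, p.dport) in self.flows

# Constructed sample data (documentation address ranges).
HOST = "192.0.2.10"
SERVER_RULES = [Rule(dport=53)]  # host offers DNS: allow inbound TO port 53
CLIENT_RULES = [Rule(sport=53)]  # host is a DNS client: allow "replies" FROM port 53
probe = Packet("tcp", "203.0.113.7", 53, HOST, 22)  # unsolicited, source port 53
query = Packet("udp", HOST, 40000, "198.51.100.53", 53)
reply = Packet("udp", "198.51.100.53", 53, HOST, 40000)

def evaluate():
    sf = StatefulFilter()
    sf.outbound(query)
    return {
        "server_rule_probe": stateless_allows(SERVER_RULES, probe),
        "client_rule_probe": stateless_allows(CLIENT_RULES, probe),
        "client_rule_reply": stateless_allows(CLIENT_RULES, reply),
        "stateful_probe": sf.allows_inbound(probe),
        "stateful_reply": sf.allows_inbound(reply),
    }
```

In this model only the source-port rule admits the unsolicited packet; the stateful filter still passes the genuine DNS reply while rejecting it.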