Firewall Wizards mailing list archives
RE: Looking for "lease based popper access"
From: "Dom De Vitto" <dom () devitto com>
Date: Wed, 15 Dec 1999 20:44:50 -0000
'If they can't connect, they can't hack.'

Hmmm, but if they can sequence number predict(*) they can synflood & fake a 'real' connection. Not script kiddie stuff, but first described by Steve B. over 12 years ago.....

Dom

(*) and bear in mind they can connect from evil.com, it's just the tcpw's drop the connection at the application layer, so they can determine how random the seq nos are spaced (& TCP fingerprint) to gauge how easy faking a connection would be, assuming they know what addresses *are* accepted.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Dom De Vitto
Secure Technologies Ltd.
Mob. 07971 589 201
mailto:dom () devitto com
Tel. 01202 738 767
http://www.devitto.com
Fax. 08700 548 750
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

-----Original Message-----
From: owner-firewall-wizards () lists nfr net [mailto:owner-firewall-wizards () lists nfr net]On Behalf Of sedwards () sedwards com
Sent: Monday, December 13, 1999 12:15 AM
To: Rodney van den Oever
Cc: firewall-wizards () nfr net
Subject: Re: Looking for "lease based popper access"

The IP address is not used for authentication. The idea is to limit a [l]user who will not be authenticated from even being able to establish a connection to the service -- if the "script kidz" can't connect, they can't hack.

On Sun, 12 Dec 1999, Rodney van den Oever wrote:
I use tcp wrappers a lot when I configure client networks. I figure if the script kiddies can't connect, they can't do a lot of damage -- assuming tcp wrappers isn't exploitable :) This works pretty good for most services except POP. Traveling employees need to get to their email from wherever they are.

Then use a SSH- or SSL-based encrypted tunnel as is often discussed on this list. You should not authenticate users based on their IP-address.

--
Rodney van den Oever / +31 318 695558 / PGP Key ID 0x0A6CCE53
'Bother' said Pooh, as he called in an air strike.

Thanks in advance,
------------------------------------------------------------------------
Steve Edwards sedwards () sedwards com Voice: +1-760-723-2727 PST
Newline Pager: +1-888-478-5085 Fax: +1-760-731-3000
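
Added illustration, not part of the original thread: because the wrapper drops the connection only after the TCP handshake, the server's initial sequence numbers (ISNs) stay visible in its SYN-ACKs, so an administrator can rate the spacing described in the footnote above on their own host. The sample ISNs and the 20-bit threshold are constructed assumptions, and the spread-of-increments measure is a rough heuristic.

```python
# Added example (not from the thread): rate how guessable a host's TCP
# initial sequence numbers (ISNs) are from a handful of SYN-ACK samples.
# Sample values and the 20-bit threshold are constructed assumptions.
from math import log2

MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around


def isn_deltas(isns):
    """Differences between consecutive ISNs, taken modulo 2^32."""
    return [(b - a) % MOD for a, b in zip(isns, isns[1:])]


def guess_space_bits(isns):
    """log2 of the spread of observed increments: a rough measure of how
    many candidates must be tried to hit the next ISN."""
    deltas = isn_deltas(isns)
    if len(deltas) < 2:
        raise ValueError("need at least three ISN samples")
    return log2(max(deltas) - min(deltas) + 1)


def classify(isns, weak_below_bits=20):
    """Label the generator 'constant-increment', 'predictable' or 'randomised'."""
    bits = guess_space_bits(isns)
    if bits == 0:
        return "constant-increment"
    return "predictable" if bits < weak_below_bits else "randomised"


# Constructed samples, as if read from SYN-ACKs in a capture of your own host.
FIXED_STEP = [1000, 65000, 129000, 193000, 257000]
NEAR_FIXED = [4294900000, 4294964500, 61204, 125900, 190004]  # wraps past 2^32
RANDOMISED = [0x1A2B3C4D, 0xF00DBEEF, 0x0BADF00D, 0x7E57AB1E, 0xC0FFEE11]

if __name__ == "__main__":
    for name, sample in [("fixed", FIXED_STEP), ("near-fixed", NEAR_FIXED),
                         ("randomised", RANDOMISED)]:
        bits = guess_space_bits(sample)
        print(f"{name:11s} {classify(sample):18s} {bits:5.1f} bits")
```

A host that lands in the first two classes is the case where address-based filtering alone gives the least protection against a forged connection.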
