Ben Nagy wrote:
> 
> Sniffers and IP spoofing are possibly less of a threat than you might think.
> [huge snip]

... unless you've got an inline DMZ or a machine outside 
your perimeter firewall, maybe like this:  

(yaaay, ascii art)

      ---
      |R|  Internet Router
      ---
       |
       |      |--|
       |------|  |  Traffic Analyzer
       |      |--|
       |
     |---|
     |FW |
     |---|
       |      (DMZ with lots of servers)
  |------------------------------|
       |
     |---|
     |FW |
     |---|
       |    Internal Network
  |-----------------------------|
       

- The "Traffic Analyzer" I put up there could be anything.
  A home brew IDS, maybe a packet sniffer "temporarily" put there
  by the network admin, or maybe one of those commercial
  statistics collector devices that some CEOs decided "must" be
  there so that they can send official server statistics somewhere.
  It is most likely vulnerable.

- Servers in the DMZ are most likely vulnerable. That's why we put
  them in the DMZ, right?

Any of these machines can __EASILY__ either
1) Sniff the data if the network isn't switched, or
2) Use ARP spoofing (which is EASY) to listen to the data streams
   or pretend to be someone else.

So, if you're doing remote management via telnet or something
else that isn't encrypted, you're basically screwed.

By the way, this is why I don't like "inline" DMZs. I want mine
off of a third leg of the firewall. :)

$.02

/Mike 


-- 
Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK
Phone: +46 (0)660 29 92 00         Direct: +46 (0)660 29 92 05
Mobile: +46 (0)70 66 77 636        Fax: +46 (0)660 122 50
WWW: http://www.enternet.se/       E-mail: [EMAIL PROTECTED]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
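An added example, not part of Mikael's post: an arpwatch-style check for the ARP spoofing he describes. A DMZ host that wants to listen in on the firewall's traffic has to answer ARP for the firewall's IP with its own MAC, so on the wire the same IP suddenly maps to a different MAC, and one MAC ends up claiming several IPs. The addresses and ARP events below are constructed, not captured from any real network.

```python
"""Flag ARP-cache poisoning on a DMZ segment from a stream of ARP replies."""
from collections import defaultdict

# Constructed sample traffic: (seconds, op, sender_ip, sender_mac).
# Hypothetical addresses; 10.0.1.1 plays the firewall's DMZ leg.
SAMPLE_ARP = [
    (0, "reply", "10.0.1.1", "00:00:0c:11:22:33"),   # real firewall
    (1, "reply", "10.0.1.20", "00:50:56:aa:bb:cc"),  # a DMZ server
    (30, "reply", "10.0.1.1", "00:50:56:aa:bb:cc"),  # server claims FW's IP
    (31, "reply", "10.0.1.1", "00:50:56:aa:bb:cc"),  # keeps re-asserting it
    (60, "reply", "10.0.1.1", "00:00:0c:11:22:33"),  # real firewall answers
]


def detect_arp_spoofing(events):
    """Return (time, ip, old_mac, new_mac, kind) for every binding change.

    kind is "changed" the first time an IP moves to a new MAC and
    "flip-flop" when it returns to a MAC already seen for that IP, the
    pattern a poisoned gateway entry produces while the real host is up.
    """
    known = {}                   # ip -> MAC currently answering for it
    history = defaultdict(set)   # ip -> every MAC that has ever answered
    alerts = []
    for t, op, ip, mac in events:
        if op != "reply":        # requests carry no binding claim
            continue
        prev = known.get(ip)
        if prev is not None and prev != mac:
            kind = "flip-flop" if mac in history[ip] else "changed"
            alerts.append((t, ip, prev, mac, kind))
        known[ip] = mac
        history[ip].add(mac)
    return alerts


def macs_claiming_multiple_ips(events):
    """Map each MAC that answered for more than one IP to those IPs."""
    ips_by_mac = defaultdict(set)
    for _, op, ip, mac in events:
        if op == "reply":
            ips_by_mac[mac].add(ip)
    return {m: sorted(ips) for m, ips in ips_by_mac.items() if len(ips) > 1}


if __name__ == "__main__":
    for alert in detect_arp_spoofing(SAMPLE_ARP):
        print("ARP binding %s: t=%d %s %s -> %s" % (alert[4], *alert[:4]))
    print("MACs answering for several IPs:", macs_claiming_multiple_ips(SAMPLE_ARP))
```

In practice the events would come from a sniffer on a span port of the DMZ switch; a MAC that answers for both its own address and the firewall's is the signature to page someone about.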
