Hey there, first of all, please don't get me wrong. I don't want to know how to crack a firewall, I just don't wanna think I'm secure whilst I'm not.
The case is this: at several locations I've set up a Linux box for the internet traffic. These boxes are configured in such a way that they don't have any open ports (or at least, not on the internet side). This is accomplished by simply allowing all traffic from the local LAN but only accepting traffic from the internet that is part of an existing connection (with iptables -m state --state ESTABLISHED,RELATED).

Now, to me, as a starting security engineer (security-guru-wannabe or whatever the phrase is), this looks uncrackable (unless people download and install trojans that connect to IRC and stuff, which is allowed (at least, according to the traffic rules :-))). What should I be aware of? Could people for instance get data into the network by hiking along on a connection somebody set up with a webserver (or any other service for that matter)? The people at these locations are allowed to do whatever they want; they can use IRC, MSN, ICQ, HTTP, HTTPS, etc... Would it be possible that the Linux box gets hacked due to a TCP/IP stack bug? I'm just sucking things out of my thumb here, so I hope they make sense.

Every knowledgeable security engineer I ever spoke to says nothing is uncrackable, so I'm just trying to figure out the ways they still can get in, so I can do things to prevent those and/or at least analyse the risk and have some knowledge of the possibilities, so I won't be utterly surprised somewhere in the future without a clue as to where to look and how to trace it back.

I'm really sorry if this has been discussed before... The site is really slow at the moment. In any case all info is welcome (URLs, books, references, user stories, experiences... whatever).

Btw, I'm subscribed to the list on another email address than this one. I am subscribed though. Replying to either this email ([EMAIL PROTECTED]) or the list would be fine.

Kind regards and TIA,
Ferry van Steen
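The ruleset described above, written out as an added example (this is not the poster's own script; the interface names, the LAN subnet and the logging rule are assumptions). It defaults to printing the iptables commands instead of applying them, so the policy can be reviewed on any machine; the second function is a sanity check that no rule on the WAN side accepts anything other than ESTABLISHED,RELATED traffic.

```shell
#!/bin/sh
# Stateful "no open ports on the internet side" gateway ruleset.
# Added example, not the original poster's configuration. WAN, LAN,
# LAN_NET and the log prefix are assumptions; adjust to the real box.
WAN="${WAN:-eth0}"              # assumed internet-facing interface
LAN="${LAN:-eth1}"              # assumed LAN interface
LAN_NET="${LAN_NET:-192.168.1.0/24}"  # assumed LAN subnet
# IPT defaults to printing the commands so the script can be reviewed
# without root. Set IPT=iptables to actually load the rules.
IPT="${IPT:-echo iptables}"

build_ruleset() {
    # Start from a clean table with deny-by-default policies for
    # anything entering or crossing the box; outbound stays open.
    $IPT -F
    $IPT -t nat -F
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    # Local processes and the LAN may reach the box itself.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -i "$LAN" -s "$LAN_NET" -j ACCEPT

    # Internet side: only packets belonging to a connection the
    # conntrack table already knows about. RELATED is what lets helper
    # protocols (e.g. FTP data channels) through, so keep the helper
    # modules you load to a minimum.
    $IPT -A INPUT -i "$WAN" -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -i "$WAN" -m state --state INVALID -j DROP
    # Log what gets dropped so there is a trail to look at later.
    $IPT -A INPUT -i "$WAN" -j LOG --log-prefix "WAN-DROP: " --log-level 4

    # Forwarding: LAN may start connections outward, replies may come back.
    $IPT -A FORWARD -i "$LAN" -o "$WAN" -s "$LAN_NET" -j ACCEPT
    $IPT -A FORWARD -i "$WAN" -o "$LAN" -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -t nat -A POSTROUTING -o "$WAN" -s "$LAN_NET" -j MASQUERADE
    # net.ipv4.ip_forward=1 must also be set for the FORWARD chain to matter.
}

# Count ACCEPT rules on the WAN interface that are not restricted to
# ESTABLISHED,RELATED. The intended answer is 0: no "open ports".
new_wan_accepts() {
    build_ruleset | grep -- "-i $WAN " | grep -- '-j ACCEPT' \
        | grep -vc 'ESTABLISHED,RELATED' || true
}

# Running the script prints the ruleset followed by the check result.
build_ruleset
echo "WAN rules accepting new connections: $(new_wan_accepts)"
```

The check is deliberately simple: it only inspects this script's own output, not the live kernel tables, so after loading for real, compare against `iptables -L -v -n` as well. The logging rule is the part that answers the "where to look" question: dropped WAN packets show up in the kernel log with the chosen prefix.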
