Well - it can't - at least not these days - that is why the IP OPTIONS field
is so dangerous in TCP/IP packets because with IP OPTIONS you can tell the
remote box a different routing path than what it knows. All modern Firewalls
drop IP OPTIONS automatically these days.

Anyway - most attack/attackers don't care about the return of data - the
dangerous stuff is in the sending packet - not the receiving packet. (eg: If
I want to add a user to the /etc/passwd file via a buffer overflow - I don't
care about the successful/failure message - I just want to get the packet to
the remote machine. I'll know whether it worked by being able to telnet in)

Don't get me wrong - STN is good and the IP spoofing stuff I talked about may
not affect STN - I haven't had the time to test it. But from my brief
encounter with it the majority of STN's security is because of the minimal
services it runs - not because of any super intelligent Firewall script the
box uses.

All I pointed out was the things that I would like to see fixed in the next
version to make the product even better.

Thanks - Shaun
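
The checks discussed in this message and the quoted thread (refusing IP options, refusing internal source addresses that arrive on the external interface, and logging what was dropped), as an added example that is not part of the original message and is not STN's firewall script. The internal network 192.168.1.0/24, the interface labels 'ext' and 'int', and all function names are assumptions; make_header only builds constructed sample input.

```python
import ipaddress
import struct

INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")  # assumed LAN behind the NAT box
SOURCE_ROUTE = {131: "LSRR", 137: "SSRR"}  # loose / strict source routing option types


def source_route_option(header: bytes):
    """Return 'LSRR' or 'SSRR' if the IPv4 options carry a source route, else None."""
    end = min((header[0] & 0x0F) * 4, len(header))
    i = 20  # options start after the fixed 20-byte header
    while i < end:
        opt = header[i]
        if opt == 0:  # End of Option List
            break
        if opt == 1:  # No-Operation is a single byte
            i += 1
            continue
        if opt in SOURCE_ROUTE:
            return SOURCE_ROUTE[opt]
        if i + 1 >= end or header[i + 1] < 2:  # malformed length, stop parsing
            break
        i += header[i + 1]
    return None


def ingress_verdict(header: bytes, iface: str):
    """Return (action, reason) for a packet arriving on iface ('ext' or 'int')."""
    if len(header) < 20 or header[0] >> 4 != 4 or (header[0] & 0x0F) < 5:
        return ("DROP", "invalid IPv4 header")
    src = ipaddress.ip_address(header[12:16])
    if (header[0] & 0x0F) > 5:  # any IP options at all are refused
        return ("DROP", f"IP options ({source_route_option(header) or 'other'}) from {src}")
    if iface == "ext" and src in INTERNAL_NET:  # anti-spoofing ingress check
        return ("DROP", f"internal source {src} on external interface")
    return ("ACCEPT", "ok")


def dropped_log(packets):
    """Return one log line per dropped (header, iface) pair."""
    verdicts = (ingress_verdict(h, i) + (i,) for h, i in packets)
    return [f"DROP iface={i} reason={r}" for a, r, i in verdicts if a == "DROP"]


def make_header(src: str, dst: str, options: bytes = b"") -> bytes:
    """Build a constructed IPv4 header (checksum left at zero) as sample input."""
    options += b"\x00" * (-len(options) % 4)  # pad options to a 32-bit boundary
    fixed = struct.pack("!BBHHHBBH", 0x40 | (5 + len(options) // 4), 0, 20 + len(options), 0, 0, 64, 6, 0)
    return fixed + ipaddress.ip_address(src).packed + ipaddress.ip_address(dst).packed + options
```
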
----- Original Message -----
From: "Lyle Giese" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Monday, August 07, 2000 11:36 PM
Subject: RE: [ShareTheNet] Woo Woo! Good Stuff about STN
> An interesting question there, Shaun. If I were to spoof an internal
> address, how does the STN box route packets back to me (the intruder), if
> STN sends the packets back to that spoofed address (which is internal and
> not external)?
>
> Thanks in advance,
> Lyle
>
> -----Original Message-----
> From: Shaun Moran [mailto:[EMAIL PROTECTED]]
> Sent: Monday, August 07, 2000 3:59 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [ShareTheNet] Woo Woo! Good Stuff about STN
>
>
> Well I haven't tested it but if STN does not block against IP spoofing
> attacks then you have a potential vulnerability whenever there are rules
> based on source address alone.
>
> A potential example (but not likely) is that if the web admin portion of
> STN is set to internal only then an external user could 'spoof' an Internal
> IP address and set a web request/or modification of the STN box from the
> Internet - if he knew the username/password of course.
>
> The other security issues that I am aware of with STN are:
>
> - VERY old Version of BIND/NAMED (DNS) that is easily crashable - a
>   reboot is currently required to fix this.
> - From memory the HTTPD server (THTTPD) that is used for web admin has
>   a vulnerability
>
> The REALLY nice thing I would like to see with STN is logging of dropped
> packets so you can SEE when someone is hacking/scanning you.
>
> Thanks
>
> Shaun Moran
> Security Engineer
>
>
> ----- Original Message -----
> From: "Richard G. Samuels" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Monday, August 07, 2000 9:22 AM
> Subject: Re: [ShareTheNet] Woo Woo! Good Stuff about STN
>
>
> > I had a customer buy an $800 "firewall" box based on the salesman's
> > representation that NAT devices like STN are not secure because an
> > intruder can spoof an internal IP address. I asked him if he knew the
> > difference between a used car salesman and a computer salesman. (There
> > are two answers: 1. The used car salesman knows when he's lying. 2.
> > About 2 weeks.).
> >
> > Is there any conceivable way this could be done?
> >
> > john burton wrote:
> > >
> > > I posted my results of 'nmap' some time back. Showed 25 (smtp) 80
> > > (http) and 53 (nameserver) open here; all of which were expected.
> > >
> > > STN does do well as a firewall!
> > >
> > > --==jb==--
> > >
> > > --
> > > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> > > john burton
> > > Midwest City, Oklahoma
> > >
> > > -----Original Message-----
> > > From: Gavin Delaney [SMTP:[EMAIL PROTECTED]]
> > > Sent: Sunday, August 06, 2000 13:47
> > > To: [EMAIL PROTECTED]
> > > Subject: [ShareTheNet] Woo Woo! Good Stuff about STN
> > >
> > > A friend of mine who works as a "Security Consultant" and programmer
> > > for a local e-company decided to try to have some fun with me and ran
> > > a few of his testing proggies like nessus on me. He was *very*
> > > surprised that I seemed nearly impregnable!!!
> > >
> > > let's hear it for STN! :)
> > >
> > > Gavin Delaney
> > >
> > > --
> > > Visit http://www.ShareTheNet.com for info about ShareTheNet
> > > Visit http://www.topica.com/lists/sharethenet for info about this list