
Re: [suse-security] Is it iptables enough?



On Mon, 2 Feb 2004, Geoffrey wrote:

> John wrote:
> > Thanks Ralf.
> > 
> > Definitely, MAC spoofing is quite hard, isn't it?
> 
> Depending on the hardware, it's not difficult at all.  See the -H option at:
> 
>   http://www.scyld.com/diag/
> 
> > 

MAC spoofing is quite easy to do. It can easily be accomplished even by 
amateurs. Most low-end firewalls and routers offer it as a feature to 
circumvent PPPoE restrictions on single MAC addresses.

> > Can iptables be cracked? What vulnerabilities exist regarding iptables?

I am not aware of any documented case of IP Tables failing. It's easy to 
misconfigure your firewall script, however. IPTables operates at the 
kernel level, and it's conceivable that some clever shithead could write 
a kernel module that alters IPTables' behavior in a way that nullifies 
its protection of your server. Remember, a rootkit gives anyone who 
accesses it absolute power over the server to do anything they want, 
including poisoning your detection mechanisms.

There is no such thing as perfect security. The best you can hope for is 
"adequate", and adequate is defined on a constantly changing sliding 
scale. Additionally, most of the time confirmation that your security 
policy is inadequate or insufficient comes after a break-in.

Apply the tightest policy your users and management will allow, and 
constantly push for tighter control of the network. You will not regret 
it. 

-- 
-linux_lad
ICQ 115601915
pub key on request

