
Re: [suse-security] Is it iptables enough?



----- Original Message ----- 
From: "-linux_lad" <john@xxxxxxxxxxxx>
To: "Geoffrey" <esoteric@xxxxxxxxxxxx>
Cc: <suse-security@xxxxxxxx>
Sent: Monday, February 02, 2004 7:55 PM
Subject: Re: [suse-security] Is it iptables enough?


> On Mon, 2 Feb 2004, Geoffrey wrote:
>
> > John wrote:
> > > Thanks Ralf.
> > >
> > > Definitely, MAC spoofing is quite hard, isn't it?
> >
> > Depending on the hardware, it's not difficult at all.  See the -H option at:
> >
> >   http://www.scyld.com/diag/
> >
> > >
>
> MAC spoofing is quite easy to do. It can easily be accomplished even by
> amateurs. Most low-end firewalls and routers offer it as a feature to
> circumvent PPPoE restrictions on single MAC addresses.
>
> > > Can iptables be cracked? What vulnerabilities exist regarding iptables?
>
> I am not aware of any documented case of IP Tables failing. It's easy to
> misconfigure your firewall script, however. IPTables operates at the
> kernel level, and it's conceivable that some clever shithead could write
> a kernel module that alters IPTables' behavior in a way that nullifies
> its protection of your server. Remember, a rootkit gives anyone who
> accesses it absolute power over the server to do anything they want,
> including poisoning your detection mechanisms.
>
>   There is no such thing as perfect security. The best you can hope for is
> "adequate", and adequate is defined on a constantly changing sliding
> scale. Additionally, most of the time confirmation that your security
> policy is inadequate or insufficient comes after a break-in.
>
> Apply the tightest policy your users and management will allow, and
> constantly push for tighter control of the network. You will not regret
> it.
>
> -- 
> -linux_lad
> ICQ 115601915
> pub key on request
>
>
> -- 
> Check the headers for your unsubscription address
> For additional commands, e-mail: suse-security-help@xxxxxxxx
> Security-related bug reports go to security@xxxxxxx, not here
>
>

All right, how can an attacker detect the MAC address that I permit to
connect to my system (or even an IP address (IP spoof))?

Is there any tool or technique, or something like that?

Thanks in advance!


