Re: IP spoofing
- To: tlug@example.com
- Subject: Re: IP spoofing
- From: turnbull@example.com (Stephen J. Turnbull)
- Date: Sun, 10 Nov 96 17:45 JST
- In-reply-to: <199611040739.QAA01735@example.com> (message from Craig Oda on Mon, 4 Nov 1996 16:39:36 +0900)
- Reply-To: tlug@example.com
- Sender: owner-tlug
>>>>> "Craig" == Craig Oda <craig@example.com> writes:

    anil> I find the topic of IP spoofing much more interesting. Does
    anil> anyone have experience in this area? Anyone out there read
    anil> TakeDown (Tsutomo Shimamura)?

    Craig> I found the book by Tsutomo pretty interesting.

Another good book is "The Firewalls Book" (in real life, it's Bellovin and Cheswick, _Firewalls and Internet Security_).

    Craig> If you want to play with the stuff just get two Linux boxes
    Craig> and connect them with ethernet or a serial cable.

[snip]

    Craig> If you really get into it, you can follow CERT for Linux
    Craig> and try to hack into your box using the security report as
    Craig> a hint to how to recreate the attack.

Many, perhaps most CERT advisories refer to potential security holes, and do not necessarily have security implications. For example, buffer overrun holes don't matter if you've already chroot'ed to a read-only file system with no executables in it, since when you return to the shell the extra characters die in that environment. This particular scenario is not likely, but it's one example that's easy to understand.

Anyway, many security reports result from somebody noticing that some characters leak from some user program into the calling shell somehow. It's not necessarily true that someone has figured out how to exploit this and successfully subverted a system. Such holes should be fixed, of course.

I'm not following CERT at the moment, but I do watch for attempts to FTP my /etc/passwd, and the like, and do occasionally review the security warnings on Web server software I use. I've repaired or replaced software about four times for this reason.

I also ended up writing a cron job to clean out anything bigger than 100kB from my /ftp/incoming.... I got tired of jerks leaving erotic binaries in a write-only directory. :-P

--
Stephen John Turnbull
University of Tsukuba
Yaseppochi-Gumi
Institute of Policy and Planning Sciences
http://turnbull.sk.tsukuba.ac.jp/
Tennodai 1-1-1, Tsukuba, 305 JAPAN
turnbull@example.com
- References:
- Re: IP spoofing
- From: Craig Oda <craig@example.com>
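
The cron cleanup mentioned in the message above, sketched as an added example (not the author's actual script): a shell function that removes regular files over a size limit from an anonymous-FTP upload directory. The function name, its arguments and the safety checks are assumptions, and the `k` size suffix assumes GNU or BSD find.

```shell
#!/bin/sh
# prune_incoming DIR [LIMIT_KB]   (hypothetical helper, not from the post)
# Delete regular files larger than LIMIT_KB (default 100) under DIR and
# print one path per file removed, so cron can mail or log the result.
prune_incoming() {
    dir=$1
    limit_kb=${2:-100}

    # Only accept an absolute path below /, never "" or "/" itself.
    case "$dir" in
        /?*) ;;
        *) echo "prune_incoming: refusing to run on '$dir'" >&2; return 2 ;;
    esac
    # The upload directory must be a real directory, not a symlink that
    # someone has pointed at another part of the system.
    [ -d "$dir" ] && [ ! -L "$dir" ] || {
        echo "prune_incoming: $dir is not a real directory" >&2; return 2; }
    # The limit must be a plain decimal number.
    case "$limit_kb" in
        ''|*[!0-9]*) echo "prune_incoming: bad limit '$limit_kb'" >&2; return 2 ;;
    esac

    # -xdev keeps find on one filesystem. -type f matches regular files
    # only, so a symlink planted in the upload area is neither followed
    # nor removed. -size +Nk rounds sizes up to whole KiB, so it matches
    # files strictly larger than N KiB.
    find "$dir" -xdev -type f -size +"${limit_kb}"k \
        -exec rm -f -- {} \; -print
}
```

Called from cron as `prune_incoming /ftp/incoming 100`, this gives the behaviour described in the message; the schedule and the wrapper script that calls the function are left to the site.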