[ale] little bit of security advice needed

James P. Kinney III jkinney at localnetsolutions.com
Mon Jul 8 11:23:13 EDT 2002


"In theory" if the inside LAN is 192.168.0.0/255.255.0.0, spoofing
packets from the outside will fail to get to the linksys router. This
assumes that the ISP has properly configured routers to disallow
unroutable packets in Internet space.

That said, many organizations DON'T have routers set up properly so a
rule in iptables like:

/sbin/iptables -A INPUT -i $outside_interface -s $inside_network -j DROP

will block the spoof.

On Mon, 2002-07-08 at 10:19, Dow Hurst wrote:
> Is it possible to break thru the Linksys router with spoofed source 
> packets from an external source?  Has anyone tried this?  I was talking 
> with a guy who explained to me that a IPchains masquerading firewall I 
> had installed at a academic lab could be hacked by sending a spoofed 
> source packet containing an internal address of the masqueraded LAN.  I 
> probably didn't have a rule in place to deny such coming in on the 
> external interface, but don't have the rules to look at to check.  He 
> rebuilt the box as a custom iptables bridge with static IPs issued from 
> the institution this was at.  I am happy for my friend who owns this lab 
> since it sounds like this new admin is helping secure the lab properly. 
>  But, I was puzzled since I thought I had set things up correctly.  I 
> depend on a Linksys router at home until I get a Linux firewall in 
> place.  I really want to get that done since the Linksys router seems to 
> get confused quickly and lock up my external to internal SSH 
> connections.  Don't ever "ls -l" in an SSH session from outside being 
> forwarded inside or you'll lose the session.
> Dow
> 
> 
> Jim Popovitch wrote:
> 
> >Hi Cade,
> >
> >Everything looks good and tight.  I ran nmap against thacker.homelinux.org
> >and here are the results.  Btw, it's good to see that you have turned off
> >ICMP replies on your Linksys.
> >
> >-Jim P.
> >
> >
> >  root at bugs~$ nmap -P0 thacker.homelinux.org
> >
> >  Starting nmap V. 2.54BETA31 ( www.insecure.org/nmap/ )
> >  Interesting ports on user-1120uq4.dsl.mindspring.com (66.32.123.68):
> >  (The 1553 ports scanned but not shown below are in state: filtered)
> >  Port       State       Service
> >  22/tcp     open        ssh
> >
> >  Nmap run completed -- 1 IP address (1 host up) scanned in 409 seconds
> >
> >
> >
> >
> >---
> >This message has been sent through the ALE general discussion list.
> >See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
> >sent to listmaster at ale dot org.
> >
> >
> >  
> >
> 
> 
> ---
> This message has been sent through the ALE general discussion list.
> See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
> sent to listmaster at ale dot org.
-- 
James P. Kinney III   \Changing the mobile computing world/
President and CEO      \          one Linux user         /
Local Net Solutions,LLC \           at a time.          /
770-493-8244             \.___________________________./

GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
<jkinney at localnetsolutions.com>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7 



 This is a digitally signed message part




More information about the Ale mailing list