[809] in bugtraq
Re: Re: Router filtering not enough! (Was: Re: CERT advisory )
daemon@ATHENA.MIT.EDU (Jonathan M. Bresler)
Fri Jan 27 11:35:16 1995
Date: Fri, 27 Jan 1995 08:34:58 -0500 (EST)
From: "Jonathan M. Bresler" <jmb@kryten.Atinc.COM>
To: Pete Hartman <pwh@bradley.bradley.edu>
Cc: bugtraq@fc.net, "Jonathan M. Bresler" <jmb@kryten.Atinc.COM>
In-Reply-To: <9501270421.AA17838@bradley.bradley.edu>
On Thu, 26 Jan 1995, Pete Hartman wrote:
> >But in real life, the spoofing machine would never be requested to respond
> >to arp anyway, because in real life the spoofer should be on the other side
> >of your firewall router. If the spoofer and spoofee are on the same ether-
> >net then there are serious internal problems that go beyond the scope of
> >firewalls!!
>
> But such problems are the stock-in-trade of those of us at Universities.
absolutely! take that 386sx junker in the corner slap two
ethernet cards in it and run drawbridge from TAMU, or a stripped/hacked
down version of FreeBSD. establish a perimeter based upon subnets, a list
of host addresses, anything.
hell, they can just snoop the wire and pick off your passwords as
they fly by.
lots and lots of other problems. establish a perimeter.
jmb
Jonathan M. Bresler jmb@kryten.atinc.com | Analysis & Technology, Inc.
| 2341 Jeff Davis Hwy
play go. | Arlington, VA 22202
ride bike. hack FreeBSD.--ah the good life | 703-418-2800 x346