[ale] little bit of security advice needed

Dow Hurst dhurst at kennesaw.edu
Mon Jul 8 10:19:30 EDT 2002


Is it possible to break thru the Linksys router with spoofed source 
packets from an external source?  Has anyone tried this?  I was talking 
with a guy who explained to me that a IPchains masquerading firewall I 
had installed at a academic lab could be hacked by sending a spoofed 
source packet containing an internal address of the masqueraded LAN.  I 
probably didn't have a rule in place to deny such coming in on the 
external interface, but don't have the rules to look at to check.  He 
rebuilt the box as a custom iptables bridge with static IPs issued from 
the institution this was at.  I am happy for my friend who owns this lab 
since it sounds like this new admin is helping secure the lab properly. 
 But, I was puzzled since I thought I had set things up correctly.  I 
depend on a Linksys router at home until I get a Linux firewall in 
place.  I really want to get that done since the Linksys router seems to 
get confused quickly and lock up my external to internal SSH 
connections.  Don't ever "ls -l" in an SSH session from outside being 
forwarded inside or you'll lose the session.
Dow


Jim Popovitch wrote:

>Hi Cade,
>
>Everything looks good and tight.  I ran nmap against thacker.homelinux.org
>and here are the results.  Btw, it's good to see that you have turned off
>ICMP replies on your Linksys.
>
>-Jim P.
>
>
>  root at bugs~$ nmap -P0 thacker.homelinux.org
>
>  Starting nmap V. 2.54BETA31 ( www.insecure.org/nmap/ )
>  Interesting ports on user-1120uq4.dsl.mindspring.com (66.32.123.68):
>  (The 1553 ports scanned but not shown below are in state: filtered)
>  Port       State       Service
>  22/tcp     open        ssh
>
>  Nmap run completed -- 1 IP address (1 host up) scanned in 409 seconds
>
>
>
>
>---
>This message has been sent through the ALE general discussion list.
>See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
>sent to listmaster at ale dot org.
>
>
>  
>


---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.






More information about the Ale mailing list