--------
From academic-firewalls-owner@net.tamu.edu Wed Jan 25 00:17:38 1995
X-Sender: swift@tamiya.llnl.gov
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Cc: probsite-l@mcc-care.com, academic-firewalls@net.tamu.edu
Date: Tue, 24 Jan 1995 22:09:40 -0800
From: uncl@llnl.gov (Frank Swift @ Home)
Reply-To: academic-firewalls@net.tamu.edu
To: academic-firewalls@net.tamu.edu
Subject: Re: IP spoofing -- assessment

At 19:45 1/24/95, Paul Ferguson wrote:
>I would very much like to hear opinions on this list, in particular,
>on the intrusion detection analysis track with regards to most
>recent 'IP Spoofing' and 'Hijacked' tcp connection thread.
[...]
>I would like to enlist the opinions, tacts and input from the list
>members; up until now, this list has been _very_ quiet.

I agree..it sure has been quiet out here. More important, and what got my
attention was an article in today's (1/24) SF chron which stated:

"The most recent breach was detected on Christmas Day when a computer
security expert at the San Diego Supercomputer Center was robbed of
security software by an unknown individual or group that took over his
computer for the day."

Of interest also was that the tools were subsequently posted at an .edu
site and then taken off the net by their administrators.

This incident is just the tip of the iceberg. I fear that we all may get
spooled off in a router discussion eddy and miss the importance of what
the other tools were and what they do.

How's that for another catalyst?
frank

Frank Swift L-321 (Sent from Home)
Unclassified Computer Security Coordinator
Lawrence Livermore National Laboratory (LLNL)
7000 East Avenue L-321
Livermore CA 94550-9516
Voice: (510) 422-1463 FAX: (510) 423-0913

--------
From academic-firewalls-owner@net.tamu.edu Wed Jan 25 00:40:30 1995
Cc: probsite-l@mcc-care.com
In-Reply-To: from "Frank Swift @ Home" at Jan 24, 95 10:09:40 pm
X-Mailer: ELM [version 2.4 PL23]
MIME-Version: 1.0
Content-Type: text/plain; charset=LATIN-1
Content-Transfer-Encoding: 8bit
Content-Length: 386
Date: Wed, 25 Jan 1995 07:33:37 +0100 (MET)
From: saouli@math.ethz.ch
Reply-To: academic-firewalls@net.tamu.edu
To: academic-firewalls@net.tamu.edu
Subject: Re: IP spoofing -- assessment

Hello,

why don't we do a small BOF at the ISOC symposium next month in San Diego
it could bring some interesting stuff up.

--ksa

--
Karim Saouli                  Math Department of the
Network administrator         Swiss Fed. Inst. of Tech (ETHZ)
Room: HG G 14.2               S-Mail: HG G 14.2
Email: saouli@math.ethz.ch    ETH Zentrum
Phone: ++41-1-632-2230        CH-8092 Zurich
FAX : ++41-1-632-1085

--------
From academic-firewalls-owner@net.tamu.edu Wed Jan 25 01:10:24 1995
X-Sender: swift@tamiya.llnl.gov
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Cc: academic-firewalls@net.tamu.edu, probsite-l@mcc-care.com
Date: Tue, 24 Jan 1995 23:04:41 -0800
From: uncl@llnl.gov (Frank Swift @ Home)
Reply-To: academic-firewalls@net.tamu.edu
To: academic-firewalls@net.tamu.edu
Subject: Re: IP spoofing -- assessment

At 22:33 1/24/95, saouli@math.ethz.ch wrote:
>Hello,
>
>why don't we do a small BOF at the ISOC symposium next month in San Diego
>it could bring some interesting stuff up.
>

Good idea. Looks like there will be at least two there. {8-
from "Frank Swift @ Home" at Jan 24, 95 11:04:41 pm
X-Mailer: ELM [version 2.4 PL24]
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 474
Date: Wed, 25 Jan 1995 05:38:46 -0800 (PST)
From: bmanning@ISI.EDU
Reply-To: academic-firewalls@net.tamu.edu
To: academic-firewalls@net.tamu.edu
Subject: Re: IP spoofing -- assessment

>
> At 22:33 1/24/95, saouli@math.ethz.ch wrote:
> >Hello,
> >
> >why don't we do a small BOF at the ISOC symposium next month in San Diego
> >it could bring some interesting stuff up.
> >
> Good idea. Looks like there will be at least two there. {8- frank
>

Last I heard, it had been postponed until April due to the overlap with
the North American Operators Group mtg in Boulder next week and the
European Operators Forum mtg last week in Amsterdam.

--
--bill

--------
From academic-firewalls-owner@net.tamu.edu Wed Jan 25 11:02:05 1995
In-Reply-To: <199501251338.AA15187@zed.isi.edu>; from "bmanning@ISI.EDU" at Jan 25, 95 5:38 am
X-Mailer: ELM [version 2.3 PL11]
Date: Wed, 25 Jan 95 8:40:15 PST
From: Jim Alves-Foss
Reply-To: academic-firewalls@net.tamu.edu
To: academic-firewalls@net.tamu.edu
Subject: Re: IP spoofing -- assessment

>
> >
> > At 22:33 1/24/95, saouli@math.ethz.ch wrote:
> > >Hello,
> > >
> > >why don't we do a small BOF at the ISOC symposium next month in San Diego
> > >it could bring some interesting stuff up.
> > >
> > Good idea. Looks like there will be at least two there. {8- > frank
> >
>
> Last I heard, it had been postponed until April due to the overlap with
> the North American Operators Group mtg in Boulder next week and the
> European Operators Forum mtg last week in Amsterdam.
>
> --
> --bill
>

You must have heard incorrectly:

-Jim Alves-Foss
Assistant Professor
Computer Science Department
University of Idaho (jimaf@cs.uidaho.edu)

Forwarded message:
> From balenson@tis.com Tue Dec 6 20:52 PST 1994
> Message-Id: <9412070449.AA14587@tis.com>
> To: sndss-all@tis.com
> Subject: Program Announcement: ISOC '95 Symp. Net. & Distr. Sys. Security
> Mime-Version: 1.0
> Content-Type: text/plain; charset="us-ascii"
> Content-Id: <14583.786775744.1@tis.com>
> Date: Tue, 06 Dec 1994 23:49:04 -0500
> From: "David M. Balenson"
>
> ==============================================================================
>
> THE INTERNET SOCIETY SYMPOSIUM ON
> NETWORK AND DISTRIBUTED SYSTEM SECURITY
>
> 16-17 FEBRUARY 1995
>
> CATAMARAN HOTEL - SAN DIEGO, CALIFORNIA
>
> The symposium will bring together people who are building software
> and/or hardware to provide network and distributed system security
> services. The symposium is intended for those interested in the more
> practical aspects of network and distributed system security, focusing
> on actual system design and implementation, rather than in theory. We
> hope to foster the exchange of technical information that will
> encourage and enable the Internet community to apply, deploy and
> advance the state of the available security technology.
>
> ==============================================================================
>
> P R E L I M I N A R Y P R O G R A M
>
> WEDNESDAY, FEBRUARY 15
>
> 6:00 P.M. - 8:00 P.M.
> REGISTRATION AND RECEPTION
>
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>
> THURSDAY, FEBRUARY 16
>
> 7:30 A.M.
> CONTINENTAL BREAKFAST
>
> 8:30 A.M.
> OPENING REMARKS
>
> 9:00 A.M.
> SESSION 1: DIVERSE APPROACHES TO SECURITY AT THE NETWORK LAYER
> Chair: Stephen T. Kent (Bolt, Beranek and Newman, USA)
>
> Multicast-Specific Security Threats and Counter-Measures, Tony
> Ballardie and Jon Crowcroft (University College London, United
> Kingdom).
>
> Design of a Key Agile Cryptographic System for OC-12c Rate ATM,
> Daniel Stevenson, Nathan Hillery, Greg Byrd, and Dan Winkelstein
> (Microelectronics Center of North Carolina - MCNC, USA).
>
> IpAccess: An Internet Service Access System for Firewall
> Installations, Steffen Stempel (University of Karlsruhe, Germany).
>
> 10:30 A.M.
> BREAK
>
> 11:00 A.M.
> SESSION 2: PANEL: SECURITY ARCHITECTURE FOR THE INTERNET INFRASTRUCTURE
> Chair: Robert W. Shirey (The MITRE Corporation, USA)
>
> Security for the Internet Protocol (IP) and IP Next Generation,
> Paul A. Lambert (Motorola, USA).
>
> Security for the Internet Domain Name System, James M. Galvin
> (Trusted Information Systems, USA).
>
> Security of Routing Protocols in the Internet, Gary Scott Malkin
> (Xylogics, USA).
>
> Security Approaches to Routing in the Internet, Sandra L. Murphy
> (Trusted Information Systems, USA).
>
> 12:30 P.M.
> LUNCH
>
> 2:00 P.M.
> SESSION 3: OFF-LINE OBJECT DISTRIBUTION SECURITY
> Chair: Jeffrey I. Schiller (Massachusetts Institute of Technology, USA)
>
> Trusted Distribution of Software Over the Internet, Aviel D. Rubin
> (Bellcore, USA).
>
> Location-Independent Information Object Security, John Lowry (Bolt
> Beranek and Newman, USA).
>
> 3:00 P.M.
> BREAK
>
> 3:30 P.M.
> SESSION 4: INTERNET PAYMENTS
> Chair: Ravi Ganesan (Bell Atlantic, USA)
>
> Electronic Cash on the Internet, Stefan Brands (Centrum voor
> Wiskunde en informatica - CWI, The Netherlands).
>
> PANEL: Internet Payment Mechanisms - Requirements and Architecture
> Chair: Ravi Ganesan (Bell Atlantic, USA)
> Panelists: B. Clifford Neuman (Information Sciences Institute, USA),
> David Crocker (Brandenburg Consulting, USA), and others TBD
>
> 7:00 P.M.
> DINNER BANQUET
>
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>
> FRIDAY, FEBRUARY 17
>
> 7:30 A.M.
> CONTINENTAL BREAKFAST
>
> 8:30 A.M.
> SESSION 5: SECURITY MONITORING TOOLS - PRACTICE AND EXPERIENCE
> Chair: Michael St. Johns (Advanced Research Projects Agency, USA)
>
> NERD: Network Event Recording Device: An Automated System for
> Network Anomaly Detection and Notification, David G. Simmons and
> Ronald Wilkins (Los Alamos National Laboratory, USA).
>
> An Overview of SNIF: A Tool for Surveying Network Information Flow,
> Jim Alves-Foss (University of Idaho, USA).
>
> Distributed Audit Trail Analysis, Abdelaziz Mounji, Baudouin Le
> Charlier, Denis Zampunieris and Naji Habra (Facultes Universitaires
> de Namur - FUNDP, Belgium).
>
> 10:00 A.M.
> BREAK
>
> 10:30 A.M.
> SESSION 6: AUTHENTICATION AND AUTHORIZATION
> Chair: B. Clifford Neuman (Information Sciences Institute, USA)
>
> SESAME V2 Public Key and Authorisation Extensions to Kerberos,
> Piers McMahon (ICL, United Kingdom).
>
> Yaksha: Augmenting Kerberos with Public Key Cryptography,
> Ravi Ganesan (Bell Atlantic, USA).
>
> GSS-API Security for ONC RPC, Barry Jaspan (OpenVision
> Technologies, USA).
>
> 12:00 NOON - 1:30 P.M.
> LUNCH
>
> 1:30 P.M.
> SESSION 7: MECHANISMS OF IDENTITY - THE CERTIFICATE INFRASTRUCTURE
> Chair: Hilarie Orman (University of Arizona, USA)
>
> A Certificate Management System: Structure, Functions and
> Protocols, Nada Kapidzic and Alan Davidson (Stockholm University &
> Royal Institute of Technology, Sweden).
>
> PEMToolKit: Building a Top-Down Certification Hierarchy for PEM
> from the Bottom Up, Alireza Bahreman (Bellcore, USA).
>
> A New Approach to the X.509 Framework: Allowing a Global
> Authentication Infrastructure Without a Global Trust Model, Suzan
> Mendes (TS-E3X - Research and Development Center, France) and Christian
> Huitema (INRIA, France).
>
> 3:00 P.M.
> BREAK
>
> 3:30 P.M.
> SESSION 8: PANEL: SECURITY ISSUES FOR MOSAIC AND THE WORLD WIDE WEB
> Chair: Fred Avolio (Trusted Information Systems, USA)
> Panelists: Peter J. Churchyard (Trusted Information Systems, USA),
> Allan M. Schiffman (Enterprise Integration Technologies, USA), and
> Bill Cheswick (AT&T Bell Laboratories, USA)
>
> ------------------------------------------------------------------------------
>
> GENERAL CHAIR
>
> James T. Ellis, CERT Coordination Center, Carnegie Mellon University
>
> PROGRAM CO-CHAIRS
>
> David M. Balenson, Trusted Information Systems
> Robert W. Shirey, The MITRE Corporation
>
> PROGRAM COMMITTEE
>
> Thomas A. Berson, Anagram Laboratories
> Matt Bishop, University of California at Davis
> Ravi Ganesan, Bell Atlantic
> Stephen T. Kent, Bolt, Beranek and Newman
> Paul A. Lambert, Motorola
> John Linn, OpenVision Technologies
> B. Clifford Neuman, Information Sciences Institute
> Hilarie Orman, University of Arizona
> Michael Roe, University of Cambridge (UK)
> Robert Rosenthal, U.S. National Institute of Standards and Technology
> Jeffrey I. Schiller, Massachusetts Institute of Technology
> Peter Yee, U.S. National Aeronautics and Space Administration
> Roberto Zamparo, Telia Research (Sweden)
>
> PUBLICATIONS CHAIR
>
> Terry Mayfield, Institute for Defense Analyses
>
> REGISTRATIONS CHAIR
>
> Gloria Carrier, The MITRE Corporation
>
> LOCAL ARRANGEMENTS CHAIR
>
> Thomas Hutton, San Diego Supercomputer Center
>
> STEERING GROUP
>
> Internet Research Task Force, Privacy and Security Research Group
>
> ------------------------------------------------------------------------------
>
> BEAUTIFUL SAN DIEGO
>
> The Symposium venue is the Catamaran Resort Hotel, providing 7 acres of
> gorgeous surroundings, facing Mission Bay and only 100 yards from
> beautiful Pacific Ocean beaches. Spouses and family members can catch a
> convenient Harbor Hopper for a quick trip to Sea World. After the
> Symposium, plan to spend the weekend visiting La Jolla, the world
> famous San Diego Zoo or Mexico, only 30 minutes by car or Trolley.
>
> A limited number of rooms have been reserved at the Catamaran for the
> very special rate of $71.56 single, $88 double. Reservations, on a
> space available basis, can be made by calling (800)-288-0770 and
> indicating you are attending the ISOC Security Symposium, or by FAXing
> the hotel registration form attached below. Reservations must be made
> before Jan. 15, 1995 to ensure the special rate.
>
> CLIMATE
>
> February weather in San Diego is normally very pleasant. Early morning
> temperatures average 55 degrees while afternoon temperatures average 67
> degrees. Generally, a light jacket or sweater is adequate during February;
> although, occasionally it rains.
>
> TRANSPORTATION
>
> San Diego International Airport is 10 miles (approx. 15 minutes) from
> the Catamaran Hotel. Cloud9 shuttle operates a continuous service
> between the airport and the hotel: fare is $6.00. When you arrive at
> the airport, go to the shuttle loading area at either terminal and ask
> the attendant to radio for a Cloud9 shuttle to the Catamaran. Taxi
> fare between the airport and the hotel is approx. $20. The Catamaran
> charges $6 per day for parking.
>
> REGISTRATION FEES
>
>     Postmarked      Subsequent
>     by Jan. 6       registration
>
>     $320            $365
>
> REGISTRATION INCLUDES
>
>     - Attendance        - Symposium Proceedings
>     - Reception         - Banquet
>     - Two Luncheons     - Coffee Breaks
>
> ON-SITE REGISTRATION is available Wednesday evening at the reception, and
> Thursday morning at the Symposium.
>
> FOR MORE INFORMATION on registration contact Gloria Carrier
> by phone at (703)-883-4508 or via email to gcarrier@mitre.org.
>
> ==============================================================================
>
> SYMPOSIUM REGISTRATION FORM
>
> Name ______________________________________________________________________
>
> Affiliation _______________________________________________________________
>
> Name on Badge _____________________________________________________________
>
> Special Requirements (e.g., dietary)? _____________________________________
>
> Mailing Address ___________________________________________________________
>
> ___________________________________________________________________________
>
> ___________________________________________________________________________
>
> Area Code/Phone # _________________________________________________________
>
> Area Code/FAX # ___________________________________________________________
>
> Email Address _____________________________________________________________
>
> [ ] Check here if you would prefer that your name NOT be included
> in the list of attendees distributed at the symposium.
>
> Make check (credit cards not accepted) payable to ISOC NDSS SYMPOSIUM.
> (Registration is not effective until payment is received). Mail
> registration, no later than February 10, 1994, to: ISOC Symposium, C/O
> Gloria Carrier, The MITRE Corporation, 7525 Colshire Drive, M.S. Z605,
> McLean, VA 22102-3481, USA.
>
> ==============================================================================
>
> HOTEL REGISTRATION FORM
>
>
> WELCOME ISOC SECURITY SYMPOSIUM
> February 16-17, 1995
>
>     Single: $71.56      Double: $88.00
>     Triple: $103.00     Quad: $118.00
>
>     Extra Person $15.00
>
> All rates subject to $10.50 room tax
>
> Reservations required by: January 15, 1995
>
> Fax this form to the Catamaran Hotel at (619)-490-3328
>
>
> Name ______________________________________________________________________
>
> Street ____________________________________________________________________
>
> City ___________________________________ State ___________ Zip ____________
>
> Phone # ________________________________ Number in Party ________________
>
> Arrival Date ___________________________ Departure Date _________________
>
> Roommate(s) ____________________________ Special Needs __________________
>
> Credit Card # __________________________ Expires ________________________
>
> Name on Card ______________________________________________________________
>
> Signature _________________________________________________________________
>
> ==============================================================================
>
>

--------
From academic-firewalls-owner@net.tamu.edu Wed Jan 25 12:22:39 1995
Posted-Date: Wed, 25 Jan 1995 10:16:27 -0800 (PST)
In-Reply-To: <199501251640.IAA08680@panther.cs.uidaho.edu> from "Jim Alves-Foss" at Jan 25, 95 08:40:15 am
X-Mailer: ELM [version 2.4 PL24]
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 633
Date: Wed, 25 Jan 1995 10:16:27 -0800 (PST)
From: bmanning@ISI.EDU
Reply-To: academic-firewalls@net.tamu.edu
To: academic-firewalls@net.tamu.edu
Subject: Re: IP spoofing -- assessment

> > Last I heard, it had been postponed until April due to the overlap with
> > the North American Operators Group mtg in Boulder next week and the
> > European Operators Forum mtg last week in Amsterdam.
> >
> > --
> > --bill
> >
>
> You must have heard incorrectly:
>
> -Jim Alves-Foss

Humm, I wonder what this was to mean then....

te: Tue, 20 Dec 94 09:02 EST
To: bmanning
Subject: Re: February Meeting

bill,

the hotel relented and allowed us to postpone the ops conf
to mid april so this gives more time to prepare the meeting
and also to coordinate with other interested parties.

vint

--
--bill

--------
From academic-firewalls-owner@net.tamu.edu Wed Jan 25 14:05:49 1995
In-Reply-To: <199501251816.AA15507@zed.isi.edu>; from "bmanning@ISI.EDU" at Jan 25, 95 10:16 am
X-Mailer: ELM [version 2.3 PL11]
Date: Wed, 25 Jan 95 11:56:26 PST
From: Jim Alves-Foss
Reply-To: academic-firewalls@net.tamu.edu
To: academic-firewalls@net.tamu.edu
Subject: Re: IP spoofing -- assessment

>
> > > Last I heard, it had been postponed until April due to the overlap with
> > > the North American Operators Group mtg in Boulder next week and the
> > > European Operators Forum mtg last week in Amsterdam.
> > >
> > > --
> > > --bill
> > >
> >
> > You must have heard incorrectly:
> >
> > -Jim Alves-Foss
>
> Humm, I wonder what this was to mean then....
>
> te: Tue, 20 Dec 94 09:02 EST
> To: bmanning
> Subject: Re: February Meeting
>
> bill,
>
> the hotel relented and allowed us to postpone the ops conf
> to mid april so this gives more time to prepare the meeting
> and also to coordinate with other interested parties.
>
> vint
>
>
> --
> --bill
>

My question is "Are we talking about the same conference?" I am talking
about ISOC Symposium on Network and Distributed System Security being held
at the Catamaran Hotel in San Diego on Feb 16-17 (see the announcement I
sent last time).

-jim

--------
From academic-firewalls-owner@net.tamu.edu Wed Jan 25 17:17:46 1995
X-Mailer: ELM [version 2.4 PL23]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 274
Date: Wed, 25 Jan 1995 18:12:00 -0500 (EST)
From: Brian Powell
Reply-To: academic-firewalls@net.tamu.edu
To: academic-firewalls@net.tamu.edu
Subject: subscribe academic-firewalls

subscribe academic-firewalls

--
Brian
o-----------------------The Ohio Supercomputer Center-----------------------o
| Brian S. Powell bpowell@osc.edu |
o-----------------------"My other computer is a CRAY"-----------------------o

--------
From academic-firewalls-owner@net.tamu.edu Wed Jan 25 20:57:14 1995
In-Reply-To: <199501251956.LAA08818@panther.cs.uidaho.edu> from "Jim Alves-Foss" at Jan 25, 95 11:56:26 am
X-Mailer: ELM [version 2.4 PL24]
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 45
Date: Wed, 25 Jan 1995 18:51:31 -0800 (PST)
From: bmanning@ISI.EDU (Bill Manning)
Reply-To: academic-firewalls@net.tamu.edu
To: academic-firewalls@net.tamu.edu
Subject: Re: IP spoofing -- assessment

Ah, no. sorry to be a bother...
--
--bill

--------
From academic-firewalls-owner@net.tamu.edu Thu Jan 26 03:39:01 1995
In-Reply-To: <199501251816.AA15507@zed.isi.edu> from "bmanning@ISI.EDU" at Jan 25, 95 10:16:27 am
X-Mailer: ELM [version 2.4 PL23]
MIME-Version: 1.0
Content-Type: text/plain; charset=LATIN-1
Content-Transfer-Encoding: 8bit
Content-Length: 754
Date: Wed, 25 Jan 1995 22:58:04 +0100 (MET)
From: saouli@math.ethz.ch
Reply-To: academic-firewalls@net.tamu.edu
To: academic-firewalls@net.tamu.edu
Subject: Re: IP spoofing -- assessment

Hello,

I am proposing to do a BOF of some sort at the ISOC symposium that will
happen in February, so that we can discuss in an open manner of the recent
incidents and their impact on our policies and technology that needs to be
used to defeat attackers.

The symposium is not postponed in any manner! There might be a shortage of
room at the Catamaran hotel though.

For those interested about such a BOF just send me an email reply so that
I can try to find a room for that.

Regards,

K. Saouli

--
Karim Saouli                  Math Department of the
Network administrator         Swiss Fed. Inst. of Tech (ETHZ)
Room: HG G 14.2               S-Mail: HG G 14.2
Email: saouli@math.ethz.ch    ETH Zentrum
Phone: ++41-1-632-2230        CH-8092 Zurich
FAX : ++41-1-632-1085

--------
From academic-firewalls-owner@net.tamu.edu Thu Jan 26 09:10:55 1995
MIME-version: 1.0
Content-type: TEXT/PLAIN; CHARSET=US-ASCII
Content-transfer-encoding: 7BIT
Date: Thu, 26 Jan 1995 08:05:08 -0700 (MST)
From: jgotobed@LPL.Arizona.EDU (Joe Gotobed x4549)
Reply-To: academic-firewalls@net.tamu.edu
To: academic-firewalls@net.tamu.edu
Subject: Re: IP spoofing -- assessment

External packets claiming an internal IP address are at minimum
misconfigured & should be dropped.

I agree that IP-Spoofing clearly represents an attempted misuse of the
target network/hosts resources. But the rationale for dropping these
packets need not consider the motivation of the sender, they're just bad
packets.
There are many more important issues concerning filtering than whether to
drop obviously erroneous packets. Just drop them!

Regards, Joe

Joe Gotobed                  Internet (joe@arizona.edu)
Network & Systems Manager    Lunar and Planetary Laboratory
University of Arizona        Unix Users Group/General Access Systems
Tucson, AZ 85721             (602) 621-4549

--------
From academic-firewalls-owner@net.tamu.edu Thu Jan 26 09:43:43 1995
MIME-version: 1.0
Content-type: TEXT/PLAIN; CHARSET=US-ASCII
Content-transfer-encoding: 7BIT
Date: Thu, 26 Jan 1995 08:37:57 -0700 (MST)
From: jgotobed@LPL.Arizona.EDU (Joe Gotobed x4549)
Reply-To: academic-firewalls@net.tamu.edu
To: academic-firewalls@net.tamu.edu
Subject: Oppss.. make that....SOURCE address

I left out a rather important qualifier.

->External packets claiming an internal IP SOURCE address are at minimum
->misconfigured & should be dropped.

Joe

Joe Gotobed                  Internet (joe@arizona.edu)
Network & Systems Manager    Lunar and Planetary Laboratory
University of Arizona        Unix Users Group/General Access Systems
Tucson, AZ 85721             (602) 621-4549

--------
From academic-firewalls-owner@net.tamu.edu Thu Jan 26 15:01:40 1995
Date: Thu, 26 Jan 95 14:54:46 -0600
From: Dave Hess
Reply-To: academic-firewalls@net.tamu.edu
To: academic-firewalls@net.tamu.edu
Subject: Re: IP spoofing -- assessment

> External packets claiming an internal [source] IP address are at minimum
> misconfigured & should be dropped.

And as an FYI, those of you using Drawbridge can do this easily with
"reject" statements. You may need to be careful to leave a "window" in
the address space so you can talk to any routers on the outside of
Drawbridge that are in your address space.

Dave

---
David K. Hess            Network Analyst
David-Hess@tamu.edu      Computing and Information Services - Network Group
(409) 845-0372 (work)    Texas A&M University

--------
From academic-firewalls-owner@net.tamu.edu Fri Jan 27 18:46:30 1995
In-Reply-To: <9501262054.AA23968@posaune.tamu.edu> from "Dave Hess" at Jan 26, 95 02:54:46 pm
X-Mailer: ELM [version 2.4 PL23]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 2586
Date: Fri, 27 Jan 1995 19:40:35 -0500 (EST)
From: maf@net.ohio-state.edu
Reply-To: academic-firewalls@net.tamu.edu
To: academic-firewalls@net.tamu.edu
Subject: Re: IP spoofing -- assessment

>"reject" statements. You may need to be careful to leave a "window" in
>
>the address space so you can talk to any routers on the outside of
>Drawbridge that are in your address space.

As with the KarlBridge software. At Ohio-State, we're trying to do this at
the entrance of each building/department. Even with logging turned on
there's no noticeable difference in performance on some of our busy
networks.
If your internal net is 128.146.222.x and your bridge is between a router
(128.146.222.1) and the rest of your hosts:

###################
# IP-UDP/TCP #
###################
IP-UDP/TCP SOURCE ROUTED IP PACKETS = DROP
IP-UDP/TCP BAD IP HEADERS = PASS
IP-UDP/TCP MULTICAST IP PACKETS = PASS
IP-UDP/TCP ICMP DESTINATION UNREACHABLE MESSAGES = OFF
#
# Pass the router
#
IP-UDP/TCP ADDRESS FILTER DEFINITION = 0
IP-UDP/TCP REMOTE ADDRESS = 128.146.222.1
IP-UDP/TCP REMOTE MASK = 0xFFFFFFFF
IP-UDP/TCP LOCAL ADDRESS = 0.0.0.0
IP-UDP/TCP LOCAL MASK = 0x00000000
IP-UDP/TCP ENCRYPTION MODE = OFF
IP-UDP/TCP IP/ICMP PACKETS = ON
IP-UDP/TCP NON IP/TCP IP/UDP = ON
IP-UDP/TCP PASS UDP REMOTE SERVER SOCKET = ALL
IP-UDP/TCP PASS UDP LOCAL SERVER SOCKET = ALL
IP-UDP/TCP PASS UDP SOCKET ABOVE 1023 = ALL
IP-UDP/TCP PASS TCP REMOTE SERVER SOCKET = ALL
IP-UDP/TCP PASS TCP LOCAL SERVER SOCKET = ALL
IP-UDP/TCP PASS TCP SOCKET ABOVE 1023 = ALL
#
# don't pass anything from outside claiming to be inside
#
IP-UDP/TCP ADDRESS FILTER DEFINITION = 1
IP-UDP/TCP REMOTE ADDRESS = 128.146.222.0
IP-UDP/TCP REMOTE MASK = 0xFFFFFF00
IP-UDP/TCP LOCAL ADDRESS = 0.0.0.0
IP-UDP/TCP LOCAL MASK = 0x00000000
IP-UDP/TCP ENCRYPTION MODE = OFF
IP-UDP/TCP IP/ICMP PACKETS = ON
IP-UDP/TCP NON IP/TCP IP/UDP = ON
IP-UDP/TCP DROP UDP REMOTE SERVER SOCKET = ALL
IP-UDP/TCP DROP UDP LOCAL SERVER SOCKET = ALL
IP-UDP/TCP DROP UDP SOCKET ABOVE 1023 = ALL
IP-UDP/TCP DROP TCP REMOTE SERVER SOCKET = ALL
IP-UDP/TCP DROP TCP LOCAL SERVER SOCKET = ALL
IP-UDP/TCP DROP TCP SOCKET ABOVE 1023 = ALL
#
# allow everything else
#
IP-UDP/TCP ADDRESS FILTER DEFINITION = 2
IP-UDP/TCP REMOTE ADDRESS = 0.0.0.0
IP-UDP/TCP REMOTE MASK = 0x00000000
IP-UDP/TCP LOCAL ADDRESS = 0.0.0.0
IP-UDP/TCP LOCAL MASK = 0x00000000
IP-UDP/TCP ENCRYPTION MODE = OFF
IP-UDP/TCP IP/ICMP PACKETS = ON
IP-UDP/TCP NON IP/TCP IP/UDP = ON
IP-UDP/TCP PASS UDP REMOTE SERVER SOCKET = ALL
IP-UDP/TCP PASS UDP LOCAL SERVER SOCKET = ALL
IP-UDP/TCP PASS UDP SOCKET ABOVE 1023 = ALL
IP-UDP/TCP PASS TCP REMOTE SERVER SOCKET = ALL
IP-UDP/TCP PASS TCP LOCAL SERVER SOCKET = ALL
IP-UDP/TCP PASS TCP SOCKET ABOVE 1023 = ALL

--
mark
maf+@osu.edu

--------
From academic-firewalls-owner@net.tamu.edu Sat Jan 28 12:38:33 1995
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Date: Sat, 28 Jan 1995 12:35:16 -0600 (CST)
From: Kent Arnott
Reply-To: academic-firewalls@net.tamu.edu
To: academic-firewalls@net.tamu.edu
Subject: subscribe academic firewalls

subscribe academic firewalls

--<<<<<<<<<<<<<<<<<<<*>>>>>>>>>>>>>>>>>>>--
Kent Arnott
Lab Supervisor, Acting Systems Administrator
Texas A&M University-Corpus Christi
6300 Ocean Drive
Corpus Christi, Texas 78412
(512) 994-6075
--<<<<<<<<<<<<<<<<<<<*>>>>>>>>>>>>>>>>>>>--
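
Added example, not part of the original thread and not KarlBridge or Drawbridge code: a small model of the three address filter definitions posted in the thread, showing why the router "window" has to be tested before the network-wide drop. It assumes filters are evaluated in file order with the first match winning, and that REMOTE ADDRESS is compared with the source address of traffic arriving from the router side; the names `parse_filters`, `decide` and `shadowed` are hypothetical.

```python
import ipaddress
import re

# Abbreviated copy of the posted definitions (constructed: only the address,
# mask and one PASS/DROP line per filter are kept).
CONFIG = """\
IP-UDP/TCP SOURCE ROUTED IP PACKETS = DROP
# Pass the router
IP-UDP/TCP ADDRESS FILTER DEFINITION = 0
IP-UDP/TCP REMOTE ADDRESS = 128.146.222.1
IP-UDP/TCP REMOTE MASK = 0xFFFFFFFF
IP-UDP/TCP PASS TCP REMOTE SERVER SOCKET = ALL
# don't pass anything from outside claiming to be inside
IP-UDP/TCP ADDRESS FILTER DEFINITION = 1
IP-UDP/TCP REMOTE ADDRESS = 128.146.222.0
IP-UDP/TCP REMOTE MASK = 0xFFFFFF00
IP-UDP/TCP DROP TCP REMOTE SERVER SOCKET = ALL
# allow everything else
IP-UDP/TCP ADDRESS FILTER DEFINITION = 2
IP-UDP/TCP REMOTE ADDRESS = 0.0.0.0
IP-UDP/TCP REMOTE MASK = 0x00000000
IP-UDP/TCP PASS TCP REMOTE SERVER SOCKET = ALL
"""

LINE = re.compile(r"^IP-UDP/TCP\s+(.+?)\s*=\s*(\S+)\s*$")


def parse_filters(text):
    """Parse ADDRESS FILTER DEFINITION blocks, keeping file order."""
    filters = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue                      # comment or blank line
        key, value = m.groups()
        verb = key.split()[0]
        if key == "ADDRESS FILTER DEFINITION":
            filters.append({"id": int(value), "addr": 0, "mask": 0, "action": None})
        elif not filters:
            continue                      # global option before the first filter
        elif key == "REMOTE ADDRESS":
            filters[-1]["addr"] = int(ipaddress.IPv4Address(value))
        elif key == "REMOTE MASK":
            filters[-1]["mask"] = int(value, 16)
        elif verb in ("PASS", "DROP"):
            if filters[-1]["action"] not in (None, verb):
                raise ValueError("filter %d mixes PASS and DROP" % filters[-1]["id"])
            filters[-1]["action"] = verb
    return filters


def decide(filters, outside_src):
    """Return (filter id, action) of the first filter matching the source
    address seen on the outside. First-match order is an assumption."""
    src = int(ipaddress.IPv4Address(outside_src))
    for f in filters:
        if src & f["mask"] == f["addr"] & f["mask"]:
            return f["id"], f["action"]
    return None, None   # nothing matched; the post does not say what happens then


def shadowed(filters):
    """IDs of filters that can never match because an earlier filter with a
    broader (or equal) mask already covers every address they describe."""
    dead = []
    for j, later in enumerate(filters):
        for earlier in filters[:j]:
            m = earlier["mask"]
            broader = (m & later["mask"]) == m
            if broader and (later["addr"] & m) == (earlier["addr"] & m):
                dead.append(later["id"])
                break
    return dead


if __name__ == "__main__":
    posted = parse_filters(CONFIG)
    for src in ("128.146.222.1", "128.146.222.77", "192.0.2.10"):
        print(src, decide(posted, src))
    swapped = [posted[1], posted[0], posted[2]]   # drop rule ahead of the window
    print("swapped order, router:", decide(swapped, "128.146.222.1"))
    print("shadowed in swapped order:", shadowed(swapped))
```

With the posted order the router address passes and every other source in 128.146.222.x is dropped; putting the drop rule first leaves the router window unreachable, which `shadowed` reports.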