[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Might be off topic. Are computers with 168.192.x.x safe from Internet?
- Subject: Re: [cobalt-security] Might be off topic. Are computers with 168.192.x.x safe from Internet?
- From: Gossi The Dog <gossi@xxxxxxxxxxxxxx>
- Date: Fri, 8 Jun 2001 09:35:34 +0100 (BST)
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
On Thu, 7 Jun 2001, shimi wrote:
>
> On Fri, 8 Jun 2001, satan wrote:
>
> > What ever you do, If you become the main target of a true hacker, he will break in your system soon or later, You cannot have a 100% securoty seal, but you can surely bring this high enought to be able to sleep at night.
> <...>
> > Stephen Gilbert
> > satan@xxxxxxxxxxxxxxxx
>
> If you're running a linux box that MASQs all packets from the LAN, and
> drops all the incoming connections from the internet (both of these with
> IPchains) - I believe that it can be said that you're 100% not hackable.
Not really. Unless it's a Linux box running a recent version of the 2.4
series of kernels, it's possible to force packets through to the internal
network using a bug to do with FTP PASV handling, or some such. There's
detail of it on bugtraq somewhere.
If you rely on a box filtering traffic, you have to realise it's all
software, and software is, by nature, buggy. That's why companies that
rely on protecting the security of their network solely with products like
Firewall-1 annoy me.
Firewall-1 being a good example of something very exploitable (past
history wise, anyway).
Regards.