
Limits of stealthing
With regards to the stealthing section, what do people think are the limits
of what we can push for?

IMO, in an ideal world, all management traffic would take place out
of band. That includes routing table data, active management, SNMP
traps out, everything. The box, to an in-bound perspective, would simply
be a bump in the wire, decrementing TTLs, and silently dropping packets
if they got to zero. (Well, maybe send something back to home base
to look for the routing loop).

I don't think that's going to be possible. The routing protocols currently
run in-band, and thus we've got to address our interfaces. These interfaces
should be configurable to drop packets from all sources that couldn't
legitimately be updating its routing table, and not issue any packets
back to those sources, but that's probably as good as it's going to
get.

Thoughts?

Todd
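An added example, not part of Todd's message or any product's code: a small Python model of the interface policy he describes, put beside the replies a conventional hop would send so the difference is visible. The box only accepts routing-protocol traffic (BGP on TCP/179, OSPF) from an allowlist of peers, silently drops everything else addressed to its interfaces, forwards transit traffic as a bump in the wire decrementing TTL, drops silently at TTL zero, and reports the anomaly on an out-of-band log instead of in-band. All addresses, ports and the `oob_log` list are constructed sample values, and the protocol names are simplified labels rather than a real packet parser.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address
from typing import Optional

# Constructed sample values: the box's own interface addresses and the only
# hosts allowed to speak routing protocols to it.
LOCAL_ADDRS = {ip_address("192.0.2.1"), ip_address("198.51.100.1")}
ROUTING_PEERS = {ip_address("192.0.2.2"), ip_address("198.51.100.2")}
BGP_PORT = 179  # BGP runs over TCP/179; OSPF (IP protocol 89) is modelled as proto "ospf"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                 # "tcp", "udp", "icmp" or "ospf"
    ttl: int
    dport: Optional[int] = None


@dataclass(frozen=True)
class Verdict:
    action: str                      # "accept", "forward" or "drop"
    reply: Optional[str] = None      # in-band packet sent back to src; None means silent
    forwarded: Optional[Packet] = None  # the transit packet after TTL decrement


def is_routing_traffic(pkt: Packet) -> bool:
    return pkt.proto == "ospf" or (pkt.proto == "tcp" and pkt.dport == BGP_PORT)


def stealth_policy(pkt: Packet, oob_log: list) -> Verdict:
    """The policy from the post: answer only legitimate routing peers, never
    talk back to anyone else in-band, and report anomalies out of band."""
    src, dst = ip_address(pkt.src), ip_address(pkt.dst)
    if dst in LOCAL_ADDRS:
        if is_routing_traffic(pkt) and src in ROUTING_PEERS:
            return Verdict("accept")
        oob_log.append(f"dropped {pkt.proto} from {pkt.src} to interface {pkt.dst}")
        return Verdict("drop")  # no TCP RST, no ICMP unreachable: the box stays invisible
    if pkt.ttl <= 1:
        # No ICMP time-exceeded (so traceroute never sees this hop); the
        # possible routing loop goes to home base over the management plane.
        oob_log.append(f"ttl expired for {pkt.src}->{pkt.dst}; possible routing loop")
        return Verdict("drop")
    return Verdict("forward", forwarded=replace(pkt, ttl=pkt.ttl - 1))


def conventional_policy(pkt: Packet) -> Verdict:
    """For contrast: the in-band replies a non-stealthed hop sends, each of
    which confirms the box exists and reveals the interface address."""
    src, dst = ip_address(pkt.src), ip_address(pkt.dst)
    if dst in LOCAL_ADDRS:
        if is_routing_traffic(pkt) and src in ROUTING_PEERS:
            return Verdict("accept")
        replies = {"tcp": "tcp-rst", "udp": "icmp-port-unreachable",
                   "icmp": "icmp-echo-reply"}
        return Verdict("drop", reply=replies.get(pkt.proto, "icmp-protocol-unreachable"))
    if pkt.ttl <= 1:
        return Verdict("drop", reply="icmp-time-exceeded")
    return Verdict("forward", forwarded=replace(pkt, ttl=pkt.ttl - 1))


def compare(pkts: list) -> list:
    """Run both policies over the same packets; returns (stealth reply, conventional reply) pairs."""
    oob_log: list = []
    return [(stealth_policy(p, oob_log).reply, conventional_policy(p).reply) for p in pkts]


if __name__ == "__main__":
    # Constructed traffic: a legitimate BGP peer, an outsider probing SSH and
    # pinging the interface, and a traceroute-style UDP probe with TTL 1.
    sample = [
        Packet("192.0.2.2", "192.0.2.1", "tcp", 64, BGP_PORT),
        Packet("203.0.113.9", "192.0.2.1", "tcp", 64, 22),
        Packet("203.0.113.9", "192.0.2.1", "icmp", 64),
        Packet("203.0.113.9", "198.51.100.7", "udp", 1, 33434),
    ]
    for pkt, (stealth, conv) in zip(sample, compare(sample)):
        print(f"{pkt.proto:>4} from {pkt.src:<12} stealth={stealth!s:<6} conventional={conv}")
```

The point of the contrast column is that every in-band reply is a disclosure: a RST, a port-unreachable or a time-exceeded each tells the sender that an addressed interface is there. The stealth policy keeps the interface addressed (the routing peers still need it) but limits who can elicit any response at all, and moves the "tell home base about the loop" signal to the out-of-band log where Todd's ideal design wants all management traffic to live.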