RE: Dropping stealthing from opsec; Anyone for a little I>R<TF work?
In my opinion, a firewall shouldn't decrement the TTL, be directly
addressable from the internet or send ICMP messages. Those all provide
means to map the firewall and systems it is protecting.
Donald.Smith@qwest.com GCIA
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xAF00EDCC
(coffee != sleep) & (!coffee == sleep)
> -----Original Message-----
> From: George Jones [mailto:gmj@pobox.com]
> Sent: Thursday, July 31, 2003 2:41 PM
> To: Smith, Donald
> Cc: Florian Weimer; Todd MacDermid; opsec@ops.ietf.org
> Subject: RE: Dropping stealthing from opsec; Anyone for a little I>R<TF work?
>
>
> > Actually firewalls, IDSes, IPSes and other devices could benefit
> > from stealthing. I agree it should probably be in a separate document.
> > But it should/would apply beyond the core.
> >
> > As for the core, I am afraid lots of things will probably break if it's
> > invisible.
> > However making it invisible from the OUTSIDE of the network might be
> > practical.
>
> Sorry....I guess I should have been more clear...the goal IS to
> make the core invisible beyond the edge.
>
> In the case of a firewall, it's still visible as a layer three device:
> it has an address, packets can be sent to it, TTLs decrement when
> packets cross it, and it sends ICMP messages. In the sense that
> I'm using the term, none of those may be true.
>
> ---George
>