
RE: Dropping stealthing from opsec; Anyone for a little IRTF work?



> In my opinion, a firewall shouldn't decrement the TTL, be directly
> addressable from the internet or send ICMP messages

Ah, terminology hell. Is a box that has different IP subnets on either side
a router? What if it's also a firewall? What if it has different subnets but
layer-2 bridges traffic between the subnets? etc. etc. etc.

Since more and more functions are being added into network devices, I prefer
to view this issue in terms of functions rather than box names. For example,
the routing function involves:

--moving traffic between subnets using the destination IP address as the
path selection criterion
--rewriting a packet's source MAC
--decrementing the TTL
--recalculating the IP checksum
--maintaining a routing table, and optionally using a dynamic protocol to
update that table

Just my opinion, but if a box does all this stuff, it's routing (and it
should then do all the other things laid out in the routing requirements
RFC). The box MAY also do the access-control functions of a firewall, but if
it's routing we should treat it as a router.

dn
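The per-hop part of the routing function described above (decrement the TTL, recalculate the IP header checksum, discard when the TTL runs out) as an added example; this is not code from the original message or from any product it discusses. It builds a constructed IPv4 packet between TEST-NET addresses, applies the hop, and checks the RFC 1624 incremental checksum update against a full recomputation of the header. The function and field names are the example's own; only the Python standard library is used.

```python
import socket
import struct
from typing import Optional


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words (RFC 791). Over a header whose
    checksum field is zeroed it yields the checksum; over a complete, valid
    header it yields 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                      # end-around carry
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def incremental_checksum(old_csum: int, old_word: int, new_word: int) -> int:
    """RFC 1624 equation 3: HC' = ~(~HC + ~m + m'). Updates the checksum when
    one 16-bit word m changes to m', without touching the rest of the header."""
    s = ((~old_csum) & 0xFFFF) + ((~old_word) & 0xFFFF) + new_word
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return (~s) & 0xFFFF


def build_ipv4_header(src: str, dst: str, ttl: int, proto: int = 17,
                      payload_len: int = 0, ident: int = 0x1234) -> bytes:
    """Constructed 20-byte IPv4 header (no options, DF set) with a valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident, 0x4000,
                      ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def checksum_field(pkt: bytes) -> int:
    """The header checksum as carried in bytes 10-11."""
    return struct.unpack("!H", pkt[10:12])[0]


def route_packet(pkt: bytes) -> Optional[bytes]:
    """Apply the per-hop routing function: decrement TTL and fix the checksum.
    Returns None when the TTL would reach zero; a router discards that packet
    (and RFC 1812 has it send ICMP Time Exceeded, which is not modelled here)."""
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[8] <= 1:
        return None
    old_word = struct.unpack("!H", pkt[8:10])[0]   # TTL (high byte) + protocol
    new_word = old_word - 0x0100                   # TTL - 1, protocol unchanged
    new_csum = incremental_checksum(checksum_field(pkt), old_word, new_word)
    new_hdr = pkt[:8] + struct.pack("!HH", new_word, new_csum) + pkt[12:ihl]
    # Cross-check the incremental update against a full recomputation.
    assert ipv4_checksum(new_hdr[:10] + b"\x00\x00" + new_hdr[12:]) == new_csum
    return new_hdr + pkt[ihl:]


# Constructed sample: UDP between TEST-NET-1 and TEST-NET-2 addresses.
SAMPLE = build_ipv4_header("192.0.2.1", "198.51.100.7", 64, payload_len=8) + b"\x00" * 8

if __name__ == "__main__":
    out = route_packet(SAMPLE)
    print("ttl %d -> %d, checksum %#06x -> %#06x, valid=%s" % (
        SAMPLE[8], out[8], checksum_field(SAMPLE), checksum_field(out),
        ipv4_checksum(out[:20]) == 0))
    print("ttl 1 forwarded:", route_packet(build_ipv4_header("192.0.2.1", "198.51.100.7", 1)))
```

The TTL-expiry branch is where the "is it routing?" question in the thread becomes concrete: a box that decrements TTL has to decide what to do when it hits zero, and the routing requirements answer (discard and report via ICMP) is exactly the behaviour the quoted message wants a firewall not to have.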