
RE: Dropping stealthing from opsec; Anyone for a little I>R<TF work ?



On Fri, 1 Aug 2003, James Carlson wrote:

> I must be missing something essential here.

The idea is simple.   The core becomes a black box.
No direct communication possible between core and
anything beyond the edge.

> Moreover, if you can't get packets into the core, then it seems fair
> to say that the core doesn't actually do much, since its primary
> purpose would otherwise have been to forward the packets that do go
> into the core.  If nothing can get there, then utilization is likely
> to be pretty low indeed.

Packets can get into the core/be forwarded, just not packets addressed
*to* the core.

>  How do packets coming
> *out* of the core have anything to do with attackers getting packets
> *in* to the core?  Why would we care at all about packets coming *out*
> of the core?

I'll grant you that one-way communications coming out of the core is
not as much of a risk...useful for mapping and diagnostics at most...I
think we'd achieve most of the benefit by disallowing inbound...but I
think we're going to break some fundamental assumptions about routing,
end-to-end connectivity, etc.

I think we've identified a good list of issues here already...I was
just hoping someone here (researcher, someone at a large carrier)
would be interested in summarizing the ideas/exploring it.

Thanks,
---George