RE: Dropping stealthing from opsec; Anyone for a little I>R<TF work ?
On Fri, 1 Aug 2003, James Carlson wrote:
> I must be missing something essential here.
The idea is simple. The core becomes a black box.
No direct communication possible between core and
anything beyond the edge.
> Moreover, if you can't get packets into the core, then it seems fair
> to say that the core doesn't actually do much, since its primary
> purpose would otherwise have been to forward the packets that do go
> into the core. If nothing can get there, then utilization is likely
> to be pretty low indeed.
Packets can get into the core/be forwarded, just not packets addressed
*to* the core.
> How do packets coming
> *out* of the core have anything to do with attackers getting packets
> *in* to the core? Why would we care at all about packets coming *out*
> of the core?
I'll grant you that one-way communications coming out of the core is
not as much of a risk...useful for mapping and diagnostics at most...I
think we'd achieve most of the benefit by disallowing inbound...but I
think we're going to break some fundamental assumptions about routing,
end-to-end connectivity, etc.
I think we've identified a good list of issues here already...I was
just hoping someone here (researcher, someone at a large carrier)
would be interested in summarizing the ideas/exploring it.
Thanks,
---George
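
The edge policy discussed in this message, modelled as an added example (not part of the original post): transit traffic is forwarded, packets addressed *to* core infrastructure are dropped at the edge, and packets sourced *from* the core are a separate policy switch. The prefixes (RFC 5737 documentation ranges), the `Packet` type and the function names are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addressing plan, not taken from the thread.
CORE_INFRA = [ipaddress.ip_network("192.0.2.0/24")]  # core router loopbacks and links


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    direction: str  # "inbound" = entering at the edge, "outbound" = leaving via the edge


def in_core(addr: str) -> bool:
    """True if addr belongs to a core infrastructure prefix."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in CORE_INFRA)


def edge_decision(pkt: Packet, allow_outbound_from_core: bool = True) -> str:
    """Return 'forward' or 'drop' for a packet crossing the edge."""
    if pkt.direction == "inbound":
        # The black-box rule: nothing from beyond the edge may address the core.
        return "drop" if in_core(pkt.dst) else "forward"
    if pkt.direction == "outbound":
        # Core-sourced packets (e.g. router-generated diagnostics) are optional.
        if in_core(pkt.src) and not allow_outbound_from_core:
            return "drop"
        return "forward"
    raise ValueError(f"unknown direction: {pkt.direction!r}")


# Constructed sample traffic.
SAMPLES = {
    "transit_in": Packet("203.0.113.10", "198.51.100.20", "inbound"),
    "to_core": Packet("203.0.113.10", "192.0.2.1", "inbound"),
    "transit_out": Packet("198.51.100.20", "203.0.113.10", "outbound"),
    "from_core": Packet("192.0.2.1", "203.0.113.10", "outbound"),
}


def evaluate(allow_outbound_from_core: bool) -> dict:
    """Apply the edge policy to every sample and return name -> decision."""
    return {name: edge_decision(p, allow_outbound_from_core)
            for name, p in SAMPLES.items()}


if __name__ == "__main__":
    for mode in (True, False):
        print("allow_outbound_from_core =", mode, evaluate(mode))
```

With `allow_outbound_from_core=False`, only the `from_core` sample changes; that core-sourced outbound traffic is what the message calls useful for mapping and diagnostics.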