| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 19 Apr 2007 13:43:50 -0400 From: "Maxime Ducharme" <mducharme@...ergeneration.com> To: "'Kristian Hermansen'" <kristian.hermansen@...il.com>, <full-disclosure@...ts.grok.org.uk> Subject: Re: hiding routers Hello Kristian I did some implementation of "transparent firewalls" on Linux. Usually it wasnt a router, but was placed at the entry point of networks just after the router. ebtables on Linux can explains how it is done : http://ebtables.sourceforge.net/ The firewalls didnt have any IP addresses and were acting as bridges with filtering capabilities. I cannot tell if it is common setup, but it was alot harder to "find" the firewall, almost impossible if you arent on the same IP segment. This box would not touch TTL field like you describe below. These configurations currently work perfectly, I would recommend it. it wont "breaks tcp/ip and error conditions" if you understand and configure ebtables correctly. Hope that helps Maxime Ducharme -----Message d'origine----- De : full-disclosure-bounces@...ts.grok.org.uk [mailto:full-disclosure-bounces@...ts.grok.org.uk] De la part de Kristian Hermansen Envoyé : 18 avril 2007 04:25 À : full-disclosure@...ts.grok.org.uk Objet : [Full-disclosure] hiding routers I brought this question up on another mailing list, but didn't get any good answers... How common is it that a router does not decrement the TTL of packets, such that it is unable to be identified using traceroute? Choosing not to decrement the TTL causes the next router to appear as the hop, but the current router to remain hidden. How does one commonly identify such hidden routers in an automated fashion? And is it policy for any organizations to actually do this, or only with certain packet types? The responses I got were along the lines of "don't do that, it breaks tcp/ip and error conditions". However, I am still interested in how likely an organization is to try something like this for both legitimate and illegitimate purposes. -- Kristian Hermansen _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists