Re: NYT Article this morning

Rick Busdiecker (rfb@lehman.com)
Tue, 24 Jan 1995 13:12:44 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Christopher Klaus: "Re: IP spoofing vs tcp wrappers and netacl"
Previous message: Quentin Fennessy: "Re: Hijacking tool"
In reply to: Perry E. Metzger: "Re: NYT Article this morning"
Next in thread: Perry E. Metzger: "Re: NYT Article this morning"

    Date: Mon, 23 Jan 1995 15:37:36 -0500
    From: "Perry E. Metzger" <perry@imsi.com>

    Christopher Klaus says:
    > To fully fix the problem will require all the vendors to come out with
    > kernel patches to make the TCP sequence numbering difficult to
    > guess,

    Even that is insufficient, actually. If you see a packet going by, you
    can still try to jam the works up and steal the connection anyway. The
    only permanent solution is a cryptographic security protocol for the
    net -- one is actually in the works now in the IETF.

Morris' paper concludes with this sentence:

  A workable solution might be to only trust hosts on the same
  physical network, and modify gateways to reject packets that claim
  to, but do not in fact, come from directly connected networks.

Your statement as to the ``only permanent solution'' suggests that you
disagree with Morris' hypothesis.

Do you believe that it's possible to use the techniques that are being
discussed to get past a ``two wire'' firewall which ignores internal
packets originating from the external wire?

			Rick

Next message: Christopher Klaus: "Re: IP spoofing vs tcp wrappers and netacl"
Previous message: Quentin Fennessy: "Re: Hijacking tool"
In reply to: Perry E. Metzger: "Re: NYT Article this morning"
Next in thread: Perry E. Metzger: "Re: NYT Article this morning"