Packet Filtering Characteristics of DNS


There are two types of DNS network activities: lookups and zone transfers. Lookups occur when a DNS client (or a DNS server acting on behalf of a client) queries a DNS server for information - for example, the IP address for a given hostname, the hostname for a given IP address, the name server for a given domain, or the mail exchanger for a given host. Zone transfers occur when a DNS server (the secondary server) requests from another DNS server (the primary server) everything the primary...

Packet Filtering Characteristics of RPC

It's very difficult to use packet filtering to control RPC-based services because you don't usually know what port the service will be using on a particular machine - and chances are that the port used will change every time the machine is rebooted. Blocking access to the location server isn't sufficient. An attacker can bypass the step of talking to the location server and simply try all TCP and/or UDP ports (the 65,536 possible ports can all be checked on a particular machine in a matter of...

Packet filtering characteristics of H.323

H.323 uses at least three ports per connection. A TCP connection at port 1720 is used for call setup. In addition, each data stream requires one dynamically allocated TCP port (for call control) and one dynamically allocated UDP port (for data). Audio and data are sent separately, and data streams are one-way; this means that a normal video conference will require no less than eight dynamically allocated ports (a TCP control port and a UDP data port for outgoing video, another pair for outgoing...

Packet filtering characteristics of X11

X11 uses TCP port 6000 for the first server on a machine. This choice of ports presents another problem for packet filtering systems: the X11 ports are in the middle of the above-1023 range of ports that most applications use for random client-side ports. Thus, any packet filtering scheme that allows in packets to ports above 1023 (in order to allow packets from remote servers to local clients) needs to be very careful not to allow in connections to X11 servers. It can do this either by totally...

A73 Internet Society Symposium on Network and Distributed System Security (SNDSS)

The Internet Society sponsors an annual symposium on network security. From the 1995 symposium announcement: The symposium will bring together people who are building software and/or hardware to provide network and distributed system security services. The symposium is intended for those interested in the more practical aspects of network and distributed system security, focusing on actual system design and implementation, rather than on theory. We hope to foster the exchange of technical...

Packet Filtering Characteristics of HTTP

Clients use random ports above 1023. Most servers use port 80, but some don't. To understand why, you need some history. Many information access services (notably HTTP, WAIS, and Gopher) were designed so that the servers don't have to run on a fixed well-known port on all machines. A standard well-known port was established for each of these services, but the clients and servers are all capable of using alternate ports as well. When you reference one of these...

Disabling Services Under Unix

As we discussed in Chapter 10, there are four general precautions to take when disabling services: Make sure that you have a way to boot the machine if you disable a critical service (for instance, a secondary hard disk with a full operating system image or a bootable CD-ROM). Save a clean copy of everything you modify so that you know how to put it back the way it was if you do something wrong. When you disable a service, disable everything that depends on it. Don't connect the machine you are...

C51 Encryption Algorithms

These algorithms are designed to be used for encryption (reversibly obscuring information). As we've mentioned, it is often possible to use encryption algorithms for other purposes, and many of these algorithms are also used for digital signatures and/or for cryptographic hashing. RSA is a public key cipher that can use varying key sizes (which are theoretically unlimited). Typical key sizes are 512, 768, 1024, and 2048 bits. Because the algorithm is expensive to compute, the smaller key sizes...

Packet filtering characteristics of SQLNet and Net8

Oracle uses entirely TCP ports over 1024. These ports can be configured, and there are multiple defaults depending on the version of Oracle you are running. In what appears to be the most common default configuration, the TNS listener is at 1521, the Oracle Multiprotocol Interchange listener is at 1526, Oracle Names is at 1575, and Oracle Connection Manager is at 1600. Client-to-server connections will normally start out going to 1521 or 1600 but may not remain there. It is not at all...

Turning Off Routing

If you have a dual-homed host that is not supposed to be a router, you will need to specifically disable routing. In order to act as an IP router, a dual-homed host needs to accept packets that are addressed to other machines' IP addresses, and send them on appropriately. This is known as IP forwarding, and it's usually implemented at a low level in the operating system kernel. An IP-capable host with multiple interfaces normally does this automatically, without any special configuration. Other...

BSD r Commands

The BSD r commands rsh, rlogin, rcp, rdump, rrestore, and rdist are designed to provide convenient remote access, without requiring the user to type a password, to services such as remote command execution (rsh), remote login (rlogin), and remote file copying (rcp and rdist). These programs are extremely useful, but as we discuss later in this section, they are safe to use only in an environment in which all of the machines are more or less trusted to play by the rules. While it may be appropriate...

Denial of service

A denial of service attack is one that's aimed entirely at preventing you from using your own computers. In late 1994, writers Josh Quittner and Michelle Slatalla were the target of an electronic mail bomb. Apparently in retaliation for an article on the cracker community they'd published in Wired magazine, someone broke into IBM, Sprint, and the writers' network provider, and modified programs so their email and telephone service was disrupted. A flood of email messages so overwhelmed their...

The TIS FWTK Authentication Server

The authentication server in TIS FWTK is a modular solution for authenticating users coming in from the Internet. The server implements a variety of authentication mechanisms, such as standard reusable passwords (not recommended), S/Key, Security Dynamics SecurID cards, and Digital Pathways SNK-004 cards. In addition, the server is modular and extensible, and is designed so that new authentication mechanisms can easily be integrated. A single authentication server can handle any number of client...

A firewall can't protect you against connections that don't go through it

A firewall can effectively control the traffic that passes through it; however, there is nothing a firewall can do about traffic that doesn't pass through it. For example, what if the site allows dial-in access to internal systems behind the firewall? The firewall has absolutely no way of preventing an intruder from getting in through such a modem. Sometimes, technically expert users or system administrators set up their own back doors into the network (such as a dial-up modem connection), either...