Carl,
I must be losing you somewhere.
Please explain to me how someone would be able to flood any address on your internal network if you are using illegal IP addresses. From my experience, when we, sitting on the outside network, even try to hit an RFC address, a router somewhere along the way sends back a reply message stating that the network is unreachable. If you're running a network with all routable IPs that can be reached from the outside world then I can understand your point, but if that is the case, is this not the reason why you put a firewall between yourself and the outside world? A properly configured firewall, while not able to provide 100% protection, used in conjunction with one or another intrusion detection device should be able to protect against such attacks. With these two in place a service connect scan would give you the open ports the firewall is listening on on behalf of the internal machines, and once again I say a properly configured FW can help prevent people from being able to exploit these.

A security policy will only give you ample protection from the people you've kept in mind while configuring it, but of course this is something that we all, as the security-minded professionals that we are, always keep in mind, right?
Juan Concepcion Network Engineer/Security Consultant CCSA/CCSE E-Mail:
[email protected]
If it's just a DDoS, they can flood a single address (in use or not) on your subnet and have the effect of killing your entire subnet if you can't handle the traffic load.

There are other ways of scanning/finding hosts than just using ICMP.

1) You can just do a service connect scan.

2) You can dig into their DNS zone and see what you can find. Often people will use a naming scheme from which you can infer other hostnames, etc. Sometimes they might just return ALL records...

People can't attack what they can't see/detect.
Juan Concepcion Network Engineer/Security Consultant CCSA/CCSE E-Mail:
[email protected]
How does blocking ICMP make my firewall more secure?
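As an added illustration of the two non-ICMP discovery methods Carl lists (a service connect scan, and mining a DNS zone for a guessable naming scheme), here is a small Python script. It is not code from the thread or from either poster: the zone contents, the example.test name and the 192.0.2.x addresses are constructed for the demo, and the scan runs only against a throwaway listener on 127.0.0.1 so it works offline.

```python
import re
import socket
from contextlib import closing

# Constructed sample of what a DNS zone dump (e.g. a successful AXFR) might contain.
# Hypothetical zone name and addresses; none of this comes from the original thread.
SAMPLE_ZONE = """
$ORIGIN example.test.
@       IN  SOA  ns1 hostmaster 2024010101 3600 900 604800 86400
        IN  NS   ns1
ns1     IN  A    192.0.2.1
fw      IN  A    192.0.2.2
web01   IN  A    192.0.2.10
web02   IN  A    192.0.2.11
db01    IN  A    192.0.2.20
mail    IN  A    192.0.2.30
"""

# "<name> [ttl] IN A <ipv4>"; the TTL column is optional, as in zone files.
A_RECORD = re.compile(r"^(\S+)\s+(?:\d+\s+)?IN\s+A\s+(\d+\.\d+\.\d+\.\d+)$")
NUMBERED_HOST = re.compile(r"^([a-z]+)(\d+)$")


def parse_a_records(zone_text):
    """Return {hostname: ipv4} for every A record in a zone-file style dump."""
    records = {}
    for raw in zone_text.splitlines():
        m = A_RECORD.match(raw.strip())
        if m:
            records[m.group(1)] = m.group(2)
    return records


def infer_naming_scheme(hostnames):
    """Group hostnames of the form <prefix><number> and propose the next two
    names per prefix (web01, web02 -> web03, web04), keeping the zero padding."""
    groups = {}
    for name in hostnames:
        m = NUMBERED_HOST.match(name)
        if m:
            groups.setdefault(m.group(1), []).append(m.group(2))
    candidates = []
    for prefix, numbers in sorted(groups.items()):
        width = len(numbers[0])
        highest = max(int(n) for n in numbers)
        for n in range(highest + 1, highest + 3):
            candidates.append(f"{prefix}{n:0{width}d}")
    return candidates


def connect_scan(host, ports, timeout=0.5):
    """TCP connect scan: complete the three-way handshake on each port and report
    the ones that accept. No ICMP is sent or needed; a refused or timed-out
    connect simply counts as closed/filtered."""
    open_ports = []
    for port in ports:
        with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
            s.settimeout(timeout)
            try:
                s.connect((host, port))
            except OSError:
                continue
            open_ports.append(port)
    return open_ports


def start_local_listener():
    """Bind a throwaway listener on 127.0.0.1 so the scan has a known open port
    without touching any real network. Returns (socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    srv, port = start_local_listener()
    try:
        print("open ports:", connect_scan("127.0.0.1", range(port - 2, port + 3)))
    finally:
        srv.close()
    records = parse_a_records(SAMPLE_ZONE)
    print("A records:", records)
    print("guessable hosts:", infer_naming_scheme(records))
```

The point of the pairing is that neither step depends on an ICMP echo reply: the connect scan learns which ports answer a plain TCP handshake, and the zone records give hostnames and a pattern (web01, web02 ...) to extend, so blocking ping alone hides nothing from either.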