[Subject Prev][Subject Next][Thread Prev][Thread Next][Subject Index][Thread Index]

Re: [LI] Machine with private IP address on Internet (May be offtopic?)



On Tue, 28 Sep 1999, Srikrishnan Chitoor wrote:

*>
*>(a) Cracker can use methods M1, M2 and M3 to crack a machine with static IP
*>address behind a firewall.
*>(b) Cracker has only access to M4 for accessing a machine with non-routable


Well one thing, what are you going to do with a machine with non-routable
IP number connected to Internet. (Just want to see how many can crack ur
system, I remember M$ exp on this :-)). Since you really can not do much
with a machine with private IP address on Internet, not many ppl have
thought of cracking a host with provate IP numbers. So a a sort of safe,
but what do you achieve with this ?? !!


*>IP address even if it is not behind a firewall.
*>
*> Atul talked about IP spoofing (any pointers to resources on the net which
*>talk about this?). Are there any other ways.


Spoofing was very common in older sun yp. Spoofing is making the client to
believe you as the server, like configuring a fake ypmaster and get yp
passwd fo clients. Also there is snooping, where you just capture
all packets on network. (man tcpdump)

- -Chetan S

*>
*>-Krishnan.
*>----- Original Message -----
*>From: <binand@xxxxxxxxxxxxxxxxxxxxx>
*>To: <linux-india@xxxxxxxxxxxxxxxxxxxxx>
*>Sent: Monday, September 27, 1999 6:41 PM
*>Subject: Re: [LI] Machine with private IP address on Internet (May be
*>offtopic?)
*>
*>>My 2 cents worth on this.
*>>
*>>If your ISP assigns you a dynamic IP address, then knowing that address, I
*>>can attack your system. The IP addres 192.168.1.100 is typically assigned
*>>to the eth0 interface, whereas the dynamic address is assigned to the
*>>ppp0/ippp0 interface of the dialup connection. It is always advisable to
*>>have a firewall if you are afraid of cracker attacks (to verify this,
*>>connect to the internet, note the dynamic IP address, go to another
*>>computer - also on the net - and try to telnet to your linux machine
*>>using the dynamic IP address).
*>>
*>>Of course, a static IP address is known all over the world, while a
*>>dynamic one gets changed quite frequently, so to find out the dynamic
*>>address is a task on its own. In any case, it is better to have a firewall
*>>to block off those unwanted people trying to crash your computer.
*>>
*>>VSNL, in Bombay, assigns IP addresses in the range 202.54.*.*. It is
*>>possible to write code to loop over this set of IP addresses and locate
*>>the linux machines among these. The easiest way (I think) is to try to
*>>establish a TCP/IP connection to one of the well known ports and try to
*>>figure out what the system is from the response (eg, version numbers of
*>>programs on smtp, pop-3, ftp ports etc.)
*>>
*>>So, whatever the kind of internet connection you have, it is always
*>>better to set up a firewall. With a static IP address, it becomes almost
*>>mandatory. :-)
*>>
*>>Binand
*>
*>
*>
*>--------------------------------------------------------------------
*>For more information on Linux in India visit http://www.linux-india.org/
*>The Linux India mailing list does not accept postings in HTML format.
*>

ATM: A Technical Mistake 
- ---  - -         -

- --------------------------------------------------------------------
For more information on Linux in India visit http://www.linux-india.org/
The Linux India mailing list does not accept postings in HTML format.

------------------------------