Mailinglist Archive: opensuse (3644 mails)

Re: [SLE] security below osi level 3
Thanks Keith, you make me feel a little bit more comfortable.

Since, some kind of security specialist who wants me to be very afraid (because he has services to sell) told me the following:

1) he claims most of the attacks today occur below IP (I am unsure of this),
2) he claims my DMZ (ethernet) can be reached by encapsulating ethernet frames within an IP packet and that
3) using this way (or another?) it is easy to attack my hosts using low-level protocol weaknesses (ARP, and so on)

His conclusion is that we're weak - of course. What do you think of this? I have been browsing the net for a couple of hours looking for information about that kind of threats but can hardly find relevant references.

Olivier.

At 07:55 AM 3/1/02 -0500, you wrote:
On Fri, Mar 01, 2002 at 10:20:05AM +0100, Olivier Hislaire wrote:
> Hi,
>
> I've heard about possible attacks below osi levels 2 and 3, i.e. against
> the network card driver and the HW or something like that. Does anybody
> know something about this? Is there somewhere specific documentation /
> information / tools to document and address that kind of vulnerability?
>
> Any info appreciated,
>
> Olivier.

The only thing below OSI layer 2 is the physical layer. I've never
heard of attacks on the firmware of a network card unless it somehow
allows remote flash upgrades or something. I don't think you have much
to worry about. Also, remember that TCP/IP doesn't use OSI protocols, it
is a 4 layer system that doesn't map very well to the OSI model.

Most modern attacks are actually above layer 3 using buffer overflows or
flaws in things like web scripting services (CGI, ASP, PHP), FTP servers,
Mail servers, etc. And the most popular in the Windows world are
executable e-mail attachments.

Here are some good security sites to bookmark:

http://www.cert.org/
http://www.securityfocus.com/
http://www.antionline.com/

Regards,
Keith
--
LPIC-2, MCSE, N+
wielder of vi(m), an ancient, dangerous and powerful magic
Don't get lost, show no fear, and you'll be ready for a new frontier -- d.w.


------------------------------------------------------------------------------------------------
Olivier Hislaire

MSG International Email: O.Hislaire@xxxxxxxxx
97 Avenue de Tervuren Phone: +32 (0)2 735.91.59 Ext. 55
1040 Brussels Fax: +32 (0)2 732.12.19
Belgium http://www.msg-i.com
------------------------------------------------------------------------------------------------



