Thanks Keith, you make me feel a little bit more comfortable.

Since some kind of security specialist who wants me to be very afraid (because he has services to sell) told me the following:

1) he claims most of the attacks today occur below IP (I am unsure of this),
2) he claims my DMZ (ethernet) can be reached by encapsulating ethernet frames within an IP packet, and that
3) using this way (or another?) it is easy to attack my hosts using low-level protocol weaknesses (arp, and so on).

His conclusion is that we're weak - of course.

What do you think of this? I have been browsing the net for a couple of hours looking for information about that kind of threat but can hardly find relevant references.

Olivier.

At 07:55 AM 3/1/02 -0500, you wrote:
On Fri, Mar 01, 2002 at 10:20:05AM +0100, Olivier Hislaire wrote:
Hi,
I've heard about possible attacks below OSI levels 2 and 3, i.e. against the network card driver and the HW or something like that. Does anybody know something about this? Is there somewhere specific documentation / information / tools to document and address that kind of vulnerability?
Any info appreciated,
Olivier.
The only thing below OSI layer 2 is the physical layer. I've never heard of attacks on the firmware of a network card unless it somehow allows remote flash upgrades or something. I don't think you have much to worry about. Also, remember that TCP/IP doesn't use OSI protocols, it is a 4 layer system that doesn't map very well to the OSI model.
Most modern attacks are actually above layer 3 using buffer overflows or flaws in things like web scripting services (CGI, ASP, PHP), FTP servers, Mail servers, etc. And the most popular in the Windows world are executable e-mail attachments.
Here are some good security sites to bookmark:
http://www.cert.org/
http://www.securityfocus.com/
http://www.antionline.com/
Regards, Keith
LPIC-2, MCSE, N+
wielder of vi(m), an ancient, dangerous and powerful magic
Don't get lost, show no fear, and you'll be ready for a new frontier -- d.w.
Olivier Hislaire, MSG International
Email: O.Hislaire@msg-i.com
97 Avenue de Tervuren, 1040 Brussels, Belgium
Phone: +32 (0)2 735.91.59 Ext. 55
Fax: +32 (0)2 732.12.19
http://www.msg-i.com