Full Disclosure mailing list archives
Re: Re: Empirical data surrounding guards and firewalls.
From: James Tucker <jftucker () gmail com>
Date: Fri, 3 Sep 2004 11:49:25 +0100
Yes, I realised that last night. It is interesting, but I think in his attempt to disprove the analogy, he came up with a very comparable one.

The firewall at McDonalds.com seems to filter all data to all ports other than port 80. You can't enter a McDonalds restaurant through anything but the door. The firewall is not content filtering, thus does not stop bad requests passing through it. The door does not stop people for incorrect attire. The webserver returned a 404 error when a request was made for something which did not exist there.

It is now at this point we start to see this analogy fall down, but that is because the two situations are in fact different. Technically, you could argue that the poor attire was in breach of protocol. This would prompt a different response than the equivalent supplied here in the example of the virtual world. More accurately, the packet (Evol) should not have been in breach of protocol, as his virtual packet never was. In fact he should have requested something that was not on the menu. The response would have been very much like Error 404 Item On Menu Not Found.

Of course analogies fall down when they are not actually built to be the same thing. Without adding more kindling to the fire, this is possibly one of the better analogies I have seen for a simple allowed connection to a webserver.

Now the problem with expanding an analogy is that it is hard to find appropriate comparative things. Let's use an example of one of the old IIS exploits. The erroneous data for many of the old IIS exploits is actually a breach of the HTTP protocol. Some firewalls can use content filtering against this; this would be comparable to a "detector" on the door looking for a person (packet) carrying an illegal object (an illegally formed request). If the firewall is not content filtering, the data reaches the webserver, and the webserver DoSes when the data is read.
Well, this is hard to equate; it's like the person walking up to the attendant and shouting at them in a foreign language, with sufficient intensity to knock them unconscious. Unconscious is difficult still, as neural nets (brains) are very good at recovering from this kind of problem, whereas computers end up in infinite loops with equal ease.

It is likely that abstraction is a better way of teaching this kind of thing. You need to teach at one level in the stack at a time. The other levels could be thought of as having interfaces, and you can maybe describe some functionality of the interface in a less than fully accurate way. But... It's a bit like trying to teach RF to an IP guy though, much of the time they just don't get it.

Anyway, I think Frank has some very well written arguments on this problem; I don't feel we are going to be able to develop much more useful from the discussion until a good idea for a solution to the lack of time vs. not using analogies problem is found.

Who ever said teaching was easy?

EOF, EOT, EOD.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html