North American Network Operators Group

Re: TCP-ACK vulnerability (was RE: SSH on the router)

  • From: Alexei Roudnev
  • Date: Fri Jun 11 01:08:45 2004

Do you have any (even minimal) need to allocate a globally routable IP to the
VLAN1 interface?

The other thing is that, even if I can find your switch, I will not have even
a minimal idea that it is _your_ switch, or even a minimal need to break it. You
could (easily) have allocated all switch and router loopback IPs in a private
network many years ago, and filtered out this network on all inbound interfaces.

Even if I (if I were a hacker) scan your networks and find this switch (and
you did not move it out of routable IP),
I will not have any idea what it is about or where this switch is, and will
not have any reason to break it...




----- Original Message ----- 
From: "Sean Donelan" <[email protected]>
To: <[email protected]>
Sent: Thursday, June 10, 2004 4:19 AM
Subject: Re: TCP-ACK vulnerability (was RE: SSH on the router)


>
> On Wed, 9 Jun 2004, Alexei Roudnev wrote:
> > This is a minor exploit - usually you set up the VLAN1 interface with an IP
> > address, which is filtered out from outside. Moreover, there is not any good
> > way to find the switch IP - it is transparent for users' devices.
>
> Yeah, port scanners are so rare on the Internet they'll never find your
> IP address.  It's not as if the switches have an easy to detect banner
> signature, and everyone uses out-of-band management for all their network
> equipment.
>