Those are typically called "man in the middle" attacks.  The issue with
these security breeches is not with the router, it is with the application
you are interfacign with.  Besides intercepting the data stream, the
attacker also needs to knwo how to interface with the client and act liek
the server.

And in all actuality, the attacker doesn't "reroute" data to him.  He
intercepts and modifies the data in the stream.  Think of it as a truck
driver.  You leave Atlanta to go to Boston with a load of peaches.  You get
stopped in Philadelphia and without you knowign it, soemone throws a dead
body in the truck as well.  You still get to Boston liek you intended, but
you arrive with a different cargo of data than expected.

Now, it is up to how the loading dock in Boston handles it.  In a properly
built program, any unusual "cargo" that arrives, it should catch and alert
autorities (generate an error and handle it appropriately).  A bad program
will nto care, dumpt he body alogn the side of the buildign and let it cause
problems.

Again, an overly simplistic analogy, but should give you the idea.  You are
getitng itno things that firewalls are not meant to protect against.  Thsoe
are typically application level security.  A firewall is jsut border patrol
and traffic cop.  It doesn't inspect the purpose of the data.  It jsut makes
sure everythign gets to where it is supposed to.

----- Original Message ----- 
From: "Dan Bale" <dbale@xxxxxxxxxxxxx>
To: "PC Technical Discussion for iSeries Users" <pctech@xxxxxxxxxxxx>
Sent: Thursday, July 29, 2004 12:43 PM
Subject: RE: [PCTECH] Need firewall protection,


> OK, it is starting to sink in. <g>  NATing routers block/deflect all
> "uninvited" guests.
>
> I am going to ask one more question relating to this.  Couldn't a router
be
> fooled, "spoofed" if you will, by an "uninvited" guest on the outside
> sending something to the router so that it believes it is a result of
> something initiated on my PC?
>
> Or are there just too many variables for it to happen?
>
> Let me suppose the following high-level pseudo scenario:
>
> A potential "uninvited" guest is monitoring traffic between my firewall
and
> the website I am visiting.  The website sends something back, which the
> firewall accepts based on the information being sent back.  What's to say
> that that information couldn't be intercepted to capture the "keys" that
the
> router needs to let it in, and then use those "keys" to send something to
> the router that the website didn't send?  How does the router/firewall
> assure that the information it receives is coming from a source that the
PC
> initiated?
>
> Thanks again for all the replies!  I have learned an enormous amount from
> you guys, and I really appreciate it!
>
> - Dan
>
> --
> This is the PC Technical Discussion for iSeries Users (PcTech) mailing
list
> To post a message email: PcTech@xxxxxxxxxxxx
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/mailman/listinfo/pctech
> or email: PcTech-request@xxxxxxxxxxxx
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/pctech.


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.