Specifications

C
Network Security
Finally, we want to mention “spoofing”, an attack where packets are modified
to contain counterfeit source data, mostly the IP address. Most active forms
of attack rely on sending out such fake packets, something that, on a Linux
machine, can only be done by the superuser (root).
Many of the attacks mentioned are carried out in combination with a DoS. If
an attacker sees an opportunity to abruptly bring down a certain host, even if
only for a short time, it will make it easier for him to push the active attack,
because the host will not be able to interfere with the attack for some time.
DNS Poisoning
DNS poisoning means that the attacker corrupts the cache of a DNS server
by replying to it with spoofed DNS reply packets, trying to get the server to
send certain data to a victim who is requesting information from that server.
To foist such false information onto the server in a credible way, normally the
attacker must have received and analyzed some packets from it. Given that
many servers are configured to maintain a trust relationship with other hosts,
based on IP addresses or host names, such an attack may be successful in a
relatively short time. On the other hand, it also requires quite an effort. In
any case, the attacker will need a good understanding of the actual structure
of the trust relationships between hosts. The attacker often needs to target
a well-timed DoS attack at the name server, as well. Protect yourself by using
encrypted connections that are able to verify the identity of the hosts to
which to connect.
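
The following is an added example, not part of the original manual: Python code for the checks a resolver can apply before it caches a reply, which are the fields a spoofed DNS reply packet would have to match. The function names and the 192.0.2.x addresses are constructed for illustration.

```python
import secrets
import struct

def build_query(name, qtype=1):
    """Build a DNS query (class IN) with an unpredictable 16-bit transaction ID."""
    txid = secrets.randbelow(1 << 16)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD flag, 1 question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def read_question(packet):
    """Parse the first question entry; return (lowercased name, qtype, qclass)."""
    pos, labels = 12, []
    while packet[pos] != 0:
        length = packet[pos]
        if length & 0xC0:
            raise ValueError("compression pointer in question section")
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii").lower())
        pos += 1 + length
    qtype, qclass = struct.unpack("!HH", packet[pos + 1:pos + 5])
    return ".".join(labels), qtype, qclass

def reply_is_acceptable(query, reply, sent_to, came_from):
    """Accept a reply only if it matches the outstanding query in every checked field."""
    if came_from != sent_to or len(reply) < 12:
        return False  # wrong source address/port, or too short to hold a header
    (q_id,) = struct.unpack("!H", query[:2])
    r_id, r_flags, r_qdcount = struct.unpack("!HHH", reply[:6])
    if r_id != q_id:
        return False  # transaction ID does not match
    if not r_flags & 0x8000 or r_qdcount != 1:
        return False  # not a response, or unexpected question count
    try:
        return read_question(reply) == read_question(query)
    except (ValueError, IndexError, struct.error):
        return False  # malformed or truncated question section

if __name__ == "__main__":
    server = ("192.0.2.53", 53)                 # constructed address (documentation range)
    query = build_query("www.example.com")
    reply = query[:2] + b"\x81\x80" + query[4:]  # constructed matching reply, no answers
    print(reply_is_acceptable(query, reply, server, server))
    print(reply_is_acceptable(query, reply, server, ("192.0.2.99", 53)))
```

Passing these checks only shows that a reply is consistent with the query; the host identity check recommended above is what still holds when a forged reply gets every field right.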
Worms
Worms are often confused with viruses, but there is a clear difference between
the two. Unlike viruses, worms do not need to infect a host program
to live. Rather, they are specialized to spread as quickly as possible on network
structures. The worms that appeared in the past, such as Ramen, Lion,
or Adore, make use of well-known security holes in server programs like
bind8 or lprNG. Protection against worms is relatively easy. Given that
some time will elapse between the discovery of a security hole and the moment
the worm hits your server, there is a good chance that an updated version
of the affected program will be available on time. Of course, that is only
useful if the administrator actually installs the security updates on the systems
in question.
Some General Security Tips and Tricks
Information: To handle security competently, it is important to keep up with
new developments and to stay informed about the latest security issues. One
SuSE Linux Firewall on CD2