Re: [Full-Disclosure] Empirical data surrounding guards and firewalls.
- To: MN Vasquez <mnv@xxxxxxxxxxxxxxxxxxxx>
- Subject: Re: [Full-Disclosure] Empirical data surrounding guards and firewalls.
- From: Manohar G Singh <seclistaddress@xxxxxxxxx>
- Date: Fri, 03 Sep 2004 09:05:24 -0700
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
Yep, very true. Especially if some of them happen to be of the fairer
sex, and happen to be missing a few buttons. (the buttons, is there
an analogy to this in the 'Virtual World' ?)<br>
<br>
<br>
;-)<br>
<br>
<br>
MN Vasquez wrote:
<blockquote cite="mid001f01c49154$7d0386c0$fc09a8c0@PC1221" type="cite">
<pre wrap="">Hrm. I think if enough people wearing only shirts and shoes ran
into McDonald's, at least some of them would get in, and not be blocked by the
rule.
----- Original Message -----
From: "James Tucker" <a class="moz-txt-link-rfc2396E"
href="mailto:jftucker@xxxxxxxxx"><jftucker@xxxxxxxxx></a>
To: <a class="moz-txt-link-rfc2396E"
href="mailto:evol@xxxxxxxxxxxxxx"><evol@xxxxxxxxxxxxxx></a>
Cc: <a class="moz-txt-link-rfc2396E"
href="mailto:full-disclosure@xxxxxxxxxxxxxxxx"><full-disclosure@xxxxxxxxxxxxxxxx></a>
Sent: Thursday, September 02, 2004 3:15 PM
Subject: Re: [Full-Disclosure] Empirical data surrounding guards and
firewalls.
</pre>
<blockquote type="cite">
<pre wrap="">Apologies, please explain the lack of differences, I'm not
getting them.
Virtual:
"The door" - Port 80 - Closed after connection attempt. You come back,
it does the same, and then closes again. 404 Error not being
dissimilar to being told to get out.
Real:
Cops show up - As with the firewall, it does not actively stop you
from reconnecting. McDonalds staff did not prevent you from
re-entering the premises themselves.
Measures in Both:
In the event of reconnection attempts the firewall logs would indicate
an attack and external policing would have to deal with the problem.
As far as I can see it the only difference is scaling, you can make
many many millions of requests before a flood warning appears, whereas
you only need to refuse to leave a few times before the police are
called. I guess humans have less patience than computers.
Of course I could be missing something?
Oh yeah, I did miss something, you can't "disconnect" someone from
being present in the building, as you can with a socket on a server.
But with reconnection scaling, is that really relevant? A little,
moreso in some circumstances, but not in this one.
Why complain about analogies when your response contains analogies
such as this one?
Did you really go into McDonalds and harass the staff today and get
taken away by the police? Please say yes, that would make my day. ROFL
:)
On Thu, 2 Sep 2004 14:45:56 -0500 (CDT), <a class="moz-txt-link-abbreviated"
href="mailto:evol@xxxxxxxxxxxxxx">evol@xxxxxxxxxxxxxx</a>
<a class="moz-txt-link-rfc2396E"
href="mailto:evol@xxxxxxxxxxxxxx"><evol@xxxxxxxxxxxxxx></a> wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Target:
------
-Firewall
-McDonald's guard
Materials:
---------
-(1) Evol
-(1) Shoes
-(1) Shirt
-(1) Computer
-(1) Internet connection
-(1) Firewalled host
Procedure:
---------
For each target, undergo the following steps:
1.) Enumerate an acceptable entrance policy.
2.) Attempt to enter while following entrance policy.
Data:
-----
Firewall:
--------
The firewall at internet host <a
class="moz-txt-link-abbreviated"
href="http://www.mcdonalds.com">www.mcdonalds.com</a> accepts
connections to TCP/IP port 80. Rules are similar to 'DENY
ALL EXCEPT TCP PORT 80' So make connection to port 80 and
note results.
Results:
-------
Normal transaction was accepted. See results:
HTTP/1.1 400 Bad request
Server: Netscape-Enterprise/4.1
Date: Thu, 02 Sep 2004 XX:XX:XX GMT
Content-length: 147
Content-type: text/html
Connection: close
Store:
-----
The store at the location closest to me was chosen as a
specific target. The entrance policy is:
'IF (NOT SHOES) OR (NOT SHIRT) DENY'
So, evol enters store with only shoes and a shirt.
Data:
----
Evol was rejected conduction of normal business. No
Big Mac today, get out! Then, when Evol tries to
proceed anyway, cops take Evol out of McDonalds.
Conclusion:
----------
People and firewalls are different.
</pre>
</blockquote>
<pre wrap="">_______________________________________________
Full-Disclosure - We believe in it.
Charter: <a class="moz-txt-link-freetext"
href="http://lists.netsys.com/full-disclosure-charter.html">http://lists.netsys.com/full-disclosure-charter.html</a>
</pre>
</blockquote>
</blockquote>
<br>
</body>
</html>