Network security

Kurt Seifried, [email protected]

Suidnet - An Ongoing Solution

I come not to bury Suidnet, but to praise it. Well, that is not entirely true - there are still some significant problems with Suidnet, but it looks to be the start of something good. I wouldn't be surprised if you haven't heard of Suidnet. It's an effort by IRC and security enthusiasts to create a more secure IRC network.

Denial of Service (DoS) FAQ

This FAQ covers denial of service attacks (DoS) in great depth, and has links to software that can be used to execute DoS attacks, we do not condone or encourage the use of this software, however we feel that since the "bad people" (or just curious people) can find it easily, we might as well tell you where it is. Also, reviewing the DoS attack code can be helpful in assisting you in finding evidence of compromised systems, particularly if you do not have security scanning packages.

Problems with the FTP protocol

FTP used to be the king of the Internet, if you wanted to download something you went to your favorite ftp server or used Archie to find the file. Even today the number of ftp servers is staggering, and many ftp sites contain several hundred gigabytes of online archives (take a look at your local sunsite). FTP was built to be an extremely flexible protocol, and therein lie many of it's problems. The FTP protocol not only allows you to transfer files from an ftp server to your machine but from one ftp server to another ftp server directly.

Passive OS Detection and Source Ports

Passive OS detection is an increasingly useful technique. People want to generate statistics on who's connecting to their machines, and administrators want to determine what is attacking them. The beauty of passive OS detection is that avoiding or faking it out takes a reasonable amount of work and expertise, and most won't bother. There are a variety of packet fields that can be used to identify the remote OS; TTL field, window size, don't fragment and so on. This is largely due to the fact that while TCP/IP stacks are interoperable, there are major variations in the way they handle various details that are set in the packet headers.

DNS server infrastructure

It's funny to see the Internet sneaking up on businesses and becoming a critical component, without many people seeming to realize it. Many businesses now rely heavily on email as a messaging system, the use of web servers to distribute corporate data and allow access to a variety of services. All these services rely on DNS. DNS is the directory to the Internet, it maps names such as to IP addresses such as To see a fortune 100 company, such as Microsoft, suffer a multi-day outage because their DNS infrastructure is not up to the task is disturbing indeed.

Firewalls - it's time to evolve or die

I come not to praise firewalls but to tear them apart and expose their soft underbelly. However a disclaimer first: even though there are many problems with firewalls and they are far from perfect you are probably better of leaving them in, they are better than nothing most of the time. In some cases they are about the only major line of defense for many networks (more on this particular issue later) so please do not remove your firewall without some serious thought. I hope I am being clear enough, if you still think I am advocating the removal of firewalls stop reading now and please do not email me.
There was a time (believe it or not) when firewalls were a pretty new concept, and many people thought that only the government, military and other paranoid organizations would ever use them. However the Internet expanded at a furious rate and all sorts of people become connected, many of whom have hostile intentions. Add to this the sheer number of network services on most networks now (file and print sharing, user authentication, interactive services, email, web, etc.) and there are plenty of network services to be exploited and abused. There are two primary types of firewall currently in use, network and application. Firewalls are good at many things, and also very poor at others.

Future Denial Of Service Attacks

Denial of service attacks are a part of life on the Internet. They are generally speaking the easiest attacks to commit since they require minimal skill, only a minimum of knowledge about your intended victim's network, and can be done relatively anonymously. Businesses and their customers are beginning to rely on the availability of corporate web servers to conduct basic business tasks, such as collaborating on projects, retrieving email securely, checking the status of their pension fund, and so on.



Last updated 23/10/2001

Copyright Kurt Seifried 2001