Check Point NG: Next Generation Security Administration
Learn to implement a strong security solution using Check Point VPN-1/FireWall-1.
TABLE OF CONTENTS Check Point NG: Next Generation Security Administration
Appendix B: Spoofing: Attacks on Trusted Identity
In this Appendix, we will make a slight departure from focusing on securing your network using Check Point products, and instead focus on the theories and methodologies behind spoofing attacks. To successfully secure your systems, you must understand the motives and the means of those who intend to launch a malicious attack against your network. In this Appendix Dan "Effugas" Kaminsky, world-renowned cryptography expert and frequent speaker at the Black Hat Briefings and DEF CON, provides invaluable insight to the inner workings of a spoof attack. Look for the Syngress icon in the margin to find utilities and code samples, which are available for download from www.syngress.com/solutions.
Introduction
I shall suppose, therefore, that there is, not a true Network, which is the sovereign source of trust, but some Evil Daemon, no less cunning and deceiving than powerful, which has deployed all of its protocol knowledge to deceive me. I will suppose that the switches, the admins, the users, headers, commands, responses and all friendly networked communications that we receive, are only illusory identities which it uses to take me in. I will consider myself as having no source addresses, obfuscated protocols, trusted third parties, operational client code, nor established state, but as believing wrongly that I have all such credentials. Dan "Effugas" Kaminsky
Copyright Syngress Publishing, Inc. 2002 under license agreement with Books24x7
