Check Point NG: Next Generation Security Administration
Learn to implement a strong security solution using Check Point VPN-1/FireWall-1.
TABLE OF CONTENTS Check Point NG: Next Generation Security Administration
Down and Dirty: Engineering Spoofing Systems
We've discussed antispoofing measures from trivial to extensive, but a simple question remains: How do we actually build a system to execute spoofs? Often, the answer is to study the network traffic, re-implement protocol messengers with far simpler and more flexible code, and send traffic outside the expectations of those who will be receiving it.
Spitting into the Wind: Building a Skeleton Router in Userspace
For ultimate flexibility, merely relying on command-level tools is ultimately an untenable constraint: Actual code is needed. However, too much code can be a hindrance the amount of functionality never employed because it was embedded deep within some specific kernel is vast, and the amount of functionality never built because it wouldn't elegantly fit within some kernel interface is even greater. Particularly when it comes to highly flexible network solutions, the highly tuned network implementations built into modern kernels are inappropriate for our uses. We're looking for systems that break the rules, not necessarily that follow them.
It's robustness in reverse.
What we need is a simple infrastructure within which we can gain access to arbitrary packets, possibly with, but just as well without, kernel filtering, operate on them efficiently but easily, and then send them back out as needed. DoxRoute 0.1, available at www.doxpara.com/tradecraft/doxroute and documented (for the first time) here, is a possible solution to this problem.
Designing the Nonexistent: The Network Card That Didn't Exist but Responded Anyway
As far as a network is concerned, routers...
Copyright Syngress Publishing, Inc. 2002 under license agreement with Books24x7
