Not a naive question -- or I may be reading into your inquiry more than
is there (paranoia?? me????)

1.  If you feel concern that, by supporting ping, MLS+ systems leave
    themselves vulnerable to "discovery" by systems out there trying
    to find you and attempt to break in, then:

    a.  Note that you can turn off "node recognition".  In MLS+ V2,
        invisibility was the norm.  In V3 and V4 you can make
        it so.  A V2 MLS+ system discarded net traffic from any system
        that did not have a valid entry in its local TNETRHDB file.
        V3 and V4 provide a "default" entry so that you do not have
        to have a specific entry for every system that is allowed to
        send you traffic -- but you can eliminate the default (system
        is shipped with a default defined :-o) or limit it to
        local IP address classes.

    b.  Use a firewall.  This is true whether you are vanilla or
        MLS+ if you want to hide nodes.  Gateways can also screen
        traffic.

2.  If you are concerned about ICMP redirect (instead of just ICMP echo)
    then you should be able to just use fixed ARP values.  True for
    vanilla too.

3.  If you are concerned about turning off IP_FORWARDING, patch
    your kernel and turn it off.  (At least that was the way Andy
    figured to do it in V2.  It may be a configurable kernel option
    in V3 or V4 for all I know.)

(ref: eft_mls 276)
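The host-database policy in point 1a, as an added example (not from the original posts, and not the real TNETRHDB format, which is not shown here): a small model of the three configurations the reply describes, explicit entries only, a default entry limited to local addresses, and the as-shipped unrestricted default, run over a few constructed sample packets so the effect of each choice on unknown hosts is visible. Entry names, the log line format and the address ranges are all assumptions.

```python
# Added example (not from the original posts): a model of the TNETRHDB-style
# host policy described in point 1a. The entry format, log line format and
# address ranges below are constructed for illustration, not the real file.
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

IPv4 = ipaddress.IPv4Address
Net = ipaddress.IPv4Network


@dataclass
class HostDatabase:
    """Hosts the system will accept traffic from.

    explicit -- hosts with their own entry (in V2, the only way in).
    default  -- None: no default entry, so unknown hosts are discarded
                (the V2 norm, or V3/V4 with the shipped default removed);
                otherwise the networks the default entry is limited to
                (0.0.0.0/0 reproduces the as-shipped, unrestricted default).
    """
    explicit: set = field(default_factory=set)
    default: Optional[list] = None

    def accepts(self, src: str) -> bool:
        ip = IPv4(src)
        if ip in self.explicit:
            return True
        if self.default is None:
            return False
        return any(ip in net for net in self.default)


# Constructed sample traffic: source address and ICMP message type.
SAMPLE_TRAFFIC = [
    "src=192.168.5.20 icmp=echo-request",   # host with an explicit entry
    "src=192.168.5.77 icmp=echo-request",   # unknown host on the local net
    "src=203.0.113.9 icmp=echo-request",    # unknown host outside
    "src=203.0.113.9 icmp=redirect",
]


def parse_src(line: str) -> str:
    """Pull the source address out of a constructed log line."""
    for item in line.split():
        key, _, value = item.partition("=")
        if key == "src":
            return value
    raise ValueError(f"no src field in {line!r}")


def apply_policy(db: HostDatabase, lines) -> dict:
    """Split traffic into what the host database lets through and what it discards."""
    result = {"accepted": [], "discarded": []}
    for line in lines:
        bucket = "accepted" if db.accepts(parse_src(line)) else "discarded"
        result[bucket].append(line)
    return result


EXPLICIT = {IPv4("192.168.5.20")}

POLICIES = {
    # As shipped (per the post): a default entry that covers everyone.
    "shipped_default": HostDatabase(EXPLICIT, [Net("0.0.0.0/0")]),
    # Default limited to the local address range.
    "local_default": HostDatabase(EXPLICIT, [Net("192.168.0.0/16")]),
    # Default eliminated: V2-style "invisibility", explicit entries only.
    "no_default": HostDatabase(EXPLICIT, None),
}


def accepted_counts() -> dict:
    """How many of the sample packets each policy lets through."""
    return {name: len(apply_policy(db, SAMPLE_TRAFFIC)["accepted"])
            for name, db in POLICIES.items()}


if __name__ == "__main__":
    for name, db in POLICIES.items():
        r = apply_policy(db, SAMPLE_TRAFFIC)
        print(f"{name}: accepted {len(r['accepted'])}, discarded {len(r['discarded'])}")
        for line in r["discarded"]:
            print("   dropped:", line)
```

The point the model makes is the one in the reply: with the shipped default in place, every sample packet gets through, including the ones from the outside host; limiting the default to the local range drops those, and removing it altogether leaves only the explicitly listed host able to reach the system at all.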
Oh, yes, John, thanks for reminding me :-)

> If you feel concern that, by supporting ping, MLS+ systems
                               ^^^^^^^^^^

In V3 and V4, ping is a "trusted" application, i.e., an unprivileged
user can issue the command, provided that the user has been given the
"ping" command authorization.

In V2 MLS+, ping had not been modified to be a "trusted" application,
but it was available to the privileged user.  An unprivileged user
could not by default issue the ping command (if you wanted unprivileged
users to issue ping, you'd have to give ping itself a granted priv).

In either case, a user on an MLS+ system cannot issue the ping command
unless allowed to do so by the system administrator/ISSO.

So yes, it is truly supported.

(In my earlier reply I was thinking that you meant the other way
around, i.e., does an MLS+ system respond to a ping from another
system: respond with an ICMP echo reply when it gets an ICMP echo
request from another system.)