network concept
Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: network concept

  1. #1
    Senior Member mungyun's Avatar
    Join Date
    Apr 2004
    Location
    Illinois
    Posts
    172

    network concept

    Hi everybody.
    Seems like there's been some tension here lately, so hopefully this question will take minds elsewhere.
    I am having a hard time finding the best way to explain this, so bear with me.

    Now, A computer with a web server on it(Captain), connected to a firewalled computer(Grunt), which is then connected to a router and then the internet. And the data between the Captain and Grunt is encrypted. Grunt is basically a slave of Captain and does whatever the Cap'n wants. Nothing can access Captain but Grunt through a specific encrypted port. So, if a hacker looked at this network he would see only Grunt, right? Would this make Captain more secure? Is this already being used? Would this be a modified proxy? Does this question even make sense?
    I believe in making the world safe for our children, but not our childrenís children, because I donít think children should be having sex. -- Jack Handey

  2. #2
    Senior Member
    Join Date
    Jul 2002
    Location
    Texas
    Posts
    168
    A little more information would be required as in the ip address's of capt. and grunt. Yes it does make sense and yes it is already being used. I would call it more of a modified gateway than a modified proxy. There is a linux distro called ipcop which is similar to what your talking about. Its a gateway/firewall computer with snort, port forwarding, and dhcp along with some other stuff. Capt. is only as secure as the network as a whole, if you use weak passwords and such then all your setup does is making accessing capt more tedious to the hacker.
    As far as the hacker looking at the network goes, yes they would only be able to "see" grunt.

    Think that answers everything, and hopefully sheds some light.
    <chsh> I've read more interesting technical discussion on the wall of a public bathroom than I have at AO at times

  3. #3
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    What can happen if someone "hacks" Grunt?
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  4. #4
    Macht Nicht Aus moxnix's Avatar
    Join Date
    May 2002
    Location
    Huson Mt.
    Posts
    1,752
    Darksnake gave you that answer SirDice:

    Originally posted here by Darksnake
    Capt. is only as secure as the network as a whole, if you use weak passwords and such then all your setup does is making accessing capt more tedious to the hacker.
    As far as the hacker looking at the network goes, yes they would only be able to "see" grunt.
    In other words, if grunt, its self, were protected by strong enough passwords and completely patched, with no known exploits, your network would be secure. If a user were to let a trojan, or worm into the network, as in opening an unknown attachment grunt would stop the out bound traffic, unless the trojan gained access to the passwords/encryption used to communicate with grunt. Which would be more likely than anyone finding an exploit for a fully patched and protected gateway, which is what grunt would be.

    The cracker would most likely attempt to by pass the gateway, and insert his attack into the network its self, than to attempt to find an exploit that would work againt the gateway.

    One real pro for this kind of system, is a port scan would not show a network behind grunt, but just grunt its self. And not having the signature of a more common router, might not trip to the fact it is acting like a gateway.
    \"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!\"
    Author Unknown

  5. #5
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    If (hypothetically speaking ) Grunt gets 0wn3d isn't it possible to attack Captain using the available encrypted connection?

    So where is the added protection in encrypting the traffic between Grunt and Captain? IMO this will only add problems because you cannot use an IDS on that connection to alert you someone is doing something fishy.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  6. #6
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,130
    if grunt is between network and captain, he is acting as a "firewall". But im not sure what grunt is REALLY doing with the communications packets that are flowing thru it. Do it analyse something?
    Since grunt is hidden captain, all "services" will appear as be provided by grunt, right?
    If grunt just transfer packets to/from captain, captain can be still attacked. For example, captain is running a http server and grunt is forwarding packets to captain:80. If grunt does nothing except forwarding, an atack can be done with some web server weakness.
    I cant see what encryption grunt:captain adds to external security. Does it serve to protect against INTERNAL network hacking? i can see only that purpose.
    Meu sŪtio

    FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
    If I die before I sleep, I pray the Lord my soul to encrypt.
    If I die before I wake, I pray the Lord my soul to brake.

  7. #7
    Senior Member mungyun's Avatar
    Join Date
    Apr 2004
    Location
    Illinois
    Posts
    172
    What if you made your own service that handles the encryption, data, and direction. and this service runs on say, port 1001 on captain. No port 80. but grunt has port 80 and 1001 open. Assuming the code for this service has been done with security in mind and it is not open to the public, you could essentially "hide" that service from being seen by a normal user. Thus, the hacker would have a heck of a time figuring out whats going on even if grunt got 0wned.

    Come to think of it, what if grunt and captain were connected by a parallel port? Or, would this make things harder to set up?
    I believe in making the world safe for our children, but not our childrenís children, because I donít think children should be having sex. -- Jack Handey

  8. #8
    Senior Member
    Join Date
    Jul 2002
    Location
    Texas
    Posts
    168
    If grunt got owned, then grunt would serve as a remote shell allowing the attacker to see everything that grunt can see and thus expose the network. Grunt serves as a gateway/firewall the information going into grunt gets filtered before entering the internal network.
    Sir Dice, you can still use a ids on the incoming port from the internet which would inform you about these fishy things people try. Wouldnt you say?

    Yes all services will seem to be coming from grunt, and yes captain can still be attacked from port forwarding. But that is a whole different barrell of monkies that you are opening. Now then if this server is compromised by a remote exploit lets say a apache one for sake of discussion. Then more than likely the attacker would gain root privs. Now they just have to figure out how to access or manipulate a shell. If captain has a private ip that would make it more difficult and would rule out most script kiddies.

    Not knowing much about connecting computers through a parallel port. I would say yes that would be more difficult and im almost positive that it would slow down their communication speed. Personally i would not recommend it.
    <chsh> I've read more interesting technical discussion on the wall of a public bathroom than I have at AO at times

  9. #9
    Ninja Code Monkey
    Join Date
    Nov 2001
    Location
    Washington State
    Posts
    1,027
    I'm kind of lost as to why you would only encrypt the communications between the web server and the proxy/gateway.

    Generally you will have this kind of stuff in a DMZ that has limited access and is monitored all to hell. It won't stop anyone on the outside from doing anything, they will see grunt, attack grunt, and deal with captain through grunt which is allowed to communicate with it.

    If grunt is the only one allowed to talk to captain, you are going to have all kinds of fun updating content, doing general administration, and have a single point of failure when it comes to the services you offer.

    Not to mention that it is somewhat inefficient to go through and encrypt absolutely all communication between the two boxes. I know alot of people turn on encryption between their web and database servers....that makes sense. This doesn't make any sense to me however...
    "When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
    "There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
    "Mischief my ass, you are an unethical moron." - chsh
    Blog of X

  10. #10
    Senior Member mungyun's Avatar
    Join Date
    Apr 2004
    Location
    Illinois
    Posts
    172
    Right, I wasn't sure if encryption would help or not(It seemed to make less sense the more I looked at it).
    Also, If you accessed a site, you wouldn't know how that computer was set up in a network, unless you looked around a little. So assuming a hacker got into grunt, I would figure this kind of network setup is not real common and the hacker might not (depending on intent) realize that grunt is relaying info from capt.
    I gotta go to class now. be back
    I believe in making the world safe for our children, but not our childrenís children, because I donít think children should be having sex. -- Jack Handey

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •