Security of IP to IPX internet gateway -Reply

[Arjan Vos]

On Wed, 13 Aug 1997, Bert Boerland wrote:

> Dear all,
>
> The customer of us has an IPX network and connects this via IPExchange (a
> Cisco product) to a cisco router that is completely open. I would like to
> know how big the security related risks are for this.

You're talking about a Internet-connected router here? Any how, if
everything is open than one may try to gain access to the router (over IP)
and from there on try to connect to the IPX-network. I am not familiar
with Cisco IPExchange, but you better verify wether administrative ports
or the Cisco Discovery Protocol have been closed/disabled.

>
> Is it possible to create IPX packets within TCP/IP that can reach the inside
> of the network? And can data/machines be compromised?
>

I haven't tried this with IPX but I tried something similar on a
DEC router with Decnet on one side and IP on the other. I created IP
packets with decnet packets wrapped inside and after removing the IP part
the router forwarded the decnet packets without further checking; thus
creating a covert channel or tunnel. Maybe this might also be possible
with IPX into IP. Anyhow, I think that filters should always be put in
place.

Gr. Arjan

--
Eat hard
Sleep hard
Wear glasses if you need them