Mitigating Port Redirection AttacksMitigating port redirection requires the use of good trust models. Trust models can be implemented by proper access restrictions between hosts. As long as there is an implicit trust between hosts that is based on IP addresses, the problem of port redirection will not be solved. A host-based IPS can be used to detect and possibly prevent an attacker who is trying to install port redirection software, such as HTTPtunnel or NetCat, for use in a port redirection attack. In Figure 9-3, the firewall permits any machine on the Internet to connect to the web server on the DMZ. Additionally, the firewall permits all traffic from the DMZ into the internal LAN and permits all traffic from the DMZ to the Internet. Finally, the firewall permits all traffic from the internal LAN going out. Figure 9-3. Port Redirection AttackAn attacker can exploit a vulnerability in the web server to gain access to that host. Once access to the web server in the DMZ is obtained, the attacker can set up port redirection software to redirect traffic so that the traffic connects to the system on the internal LAN. In |