Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!uwm.edu!bionet!agate!ucbvax!srlvx0.srl.ford.com!DAMIAN
From: DAMIAN@srlvx0.srl.ford.com ("Jerry Damian")
Newsgroups: comp.protocols.tcp-ip
Subject: Re: Can "springboarding" be prevented?
Message-ID: <9103261840.AA11744@ucbvax.Berkeley.EDU>
Date: 26 Mar 91 14:53:00 GMT
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The Internet
Lines: 54

Netlanders,

The problem of "springboarding" I posted to this mail group on 3/25/91
can better be described with the following figure:

                 -----       -----   56kb link   -----
                | WSB |     | RTB |-------------| RTA |
                |     |     |     |             |     |
                 -----       -----               -----
                   |           |                   |
                   | isolated  |                   | remote
                   | subnet    |                   | subnet
           -------------------------        ------------------
                   |                               |
                 -----                           -----
                | RTC |                         | WSA |
                |     |                         |     |
                 -----                           -----
                   |
                   | local
                   | subnet
           ------------------
                   |            |
                 -----        -----
                | WSC |      | WSD |
                |     |      |     |
                 -----        -----

where:
    WS[A-D] = workstations
    RT[A-C] = routers with filters

Problem:

WSA is a workstation on a remote subnet. A user on WSA needs to TELNET
to WSC on the local subnet in order to use resources there. However,
once that user has connected to WSC, what (if anything) can be used to
prevent him or her from using WSC as a "springboard" to attempt to
break into machines on the local subnet, i.e., WSD? At the same time a
user from WSC must still be able to connect to WSD. I need a way to
restrict TCP/IP services on WSC based on whether the call originated
from the remote subnet.

Note: Any user on WSA wanting to connect to WSC must first TELNET to
WSB as a first line of defense. This can be accomplished via filters
(IP address and port number) on RTB and RTC. Also, once the user from
WSA has gotten past WSB and RTC and is connected to WSC, his/her
packets cannot be distinguished from those of a local user on WSC
wanting to use resources on WSD.

What are my options? Simply isolating WSC on its own subnet won't
help. Is some kind of a kernel modification required? If so, what?

Thanks in advance,

Jerry Damian
Ford Motor Company
damian@srlvx0.srl.ford.com
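The distinction the post is after ("did this login on WSC come from the local subnet, or did it arrive via WSB?") is not visible in the packets WSC sends to WSD, but it is visible on WSC itself in the session's login origin, the "from" field that login/telnetd records and who(1) prints. The following is an added illustration of that host-based idea, not code from the poster or from any product of the period: it parses constructed who-style lines, classifies each session's origin against constructed subnet ranges (192.0.2.0/24 for the local subnet, 203.0.113.0/24 for the isolated subnet holding WSB, 198.51.100.0/24 for the remote subnet, all TEST-NET addresses chosen here as placeholders), and answers whether a session may open a connection to a given destination. The function names and the policy itself are assumptions for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Constructed address plan for the figure in the post (TEST-NET ranges, not real).
LOCAL_SUBNET = ipaddress.ip_network("192.0.2.0/24")       # WSC, WSD
ISOLATED_SUBNET = ipaddress.ip_network("203.0.113.0/24")  # WSB, RTC
REMOTE_SUBNET = ipaddress.ip_network("198.51.100.0/24")   # WSA, RTA


@dataclass
class Session:
    user: str
    tty: str
    origin: Optional[str]  # the "(host)" field from who(1); None for a console login


def parse_who(lines: List[str]) -> List[Session]:
    """Parse who(1)-style lines such as 'damian ttyp1 Mar 26 14:53 (203.0.113.10)'.

    A trailing parenthesised field is the login origin; its absence means a
    hardwired terminal or console, which carries no network origin.
    """
    sessions = []
    for line in lines:
        parts = line.split()
        if len(parts) < 2:
            continue  # blank or malformed line
        user, tty = parts[0], parts[1]
        origin = None
        if parts[-1].startswith("(") and parts[-1].endswith(")"):
            origin = parts[-1][1:-1]
        sessions.append(Session(user, tty, origin))
    return sessions


def session_is_local(session: Session) -> bool:
    """True only when the login did not arrive over the network or came from the local subnet.

    Anything that is not a literal address inside LOCAL_SUBNET (a hostname, an
    address on the isolated or remote subnet) is treated as non-local, so the
    check fails closed rather than trusting names it cannot verify.
    """
    if session.origin is None:
        return True
    try:
        addr = ipaddress.ip_address(session.origin)
    except ValueError:
        return False
    return addr in LOCAL_SUBNET


def outbound_allowed(session: Session, dest: str) -> bool:
    """Policy: a session that did not originate locally may not reach local-subnet hosts.

    Connections to destinations outside the local subnet are left to the router
    filters the post already describes and are not blocked here.
    """
    dest_addr = ipaddress.ip_address(dest)
    if dest_addr not in LOCAL_SUBNET:
        return True
    return session_is_local(session)


def decide(who_lines: List[str], tty: str, dest: str) -> bool:
    """Look up the session on `tty` and say whether it may connect to `dest`.

    An unknown tty is denied: a connection attempt with no recorded login
    behind it is exactly the case a springboard check should not wave through.
    """
    for session in parse_who(who_lines):
        if session.tty == tty:
            return outbound_allowed(session, dest)
    return False


# Constructed who(1) output for WSC: a console login, a login from WSD,
# a login relayed through WSB, and a login whose origin is only a name.
SAMPLE_WHO = [
    "root     console  Mar 26 09:00",
    "alice    ttyp0    Mar 26 10:12 (192.0.2.20)",
    "damian   ttyp1    Mar 26 14:53 (203.0.113.10)",
    "bob      ttyp2    Mar 26 11:00 (wsb.example)",
]

if __name__ == "__main__":
    for s in parse_who(SAMPLE_WHO):
        verdict = "allowed" if outbound_allowed(s, "192.0.2.30") else "denied"
        print(f"{s.user:8} {s.tty:8} origin={s.origin!s:16} -> WSD: {verdict}")
```

The session origin used here is written into utmp by the login path, so the check is only as trustworthy as that record; on hosts where users can write utmp, or where the origin is a hostname rather than an address, the classification above deliberately falls back to "non-local". The check is also advisory unless something actually consults it before a connection is made, which is why it belongs in a login wrapper or restricted shell on WSC alongside, not instead of, the router filters the post already has.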