IP is a fairly high-order construct. Beneath it, the data link and physical layers remain almost unnoticed.

One thought that came to mind would be to attack a machine on the same LAN, and then exploit an Ethernet vulnerability to listen to "the wire". Not sure how many (if any) Ethernet vulnerabilities there are, but that would be one possible vector. Also, the NIC card itself might have physical-layer vulnerabilities, such as administrative backdoors.

That's all aimed at eavesdropping. Escalating that to an OS pwnership is beyond my imagination. But I imagine it's not beyond *somebody's* imagination. And that's the beauty of the hack. There's always someone in the rabble with a background in electronics or orchid-growing or intergalactic imaging that has an insight that nobody thought to defend. Check... No, wait, Checkmate!

On Sun, May 26, 2019 at 4:04 AM Walt <neurobot...@protonmail.ch> wrote:

> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> On Friday, May 24, 2019 2:30 PM, Jean-Francois Simon <jfsimon1...@gmail.com> wrote:
>
> > Hi,
> >
> > Out of interest, I'd like to let you know a specific use of OpenBSD with
> > PF, in virtualbox, 2 virtual network card Bridged to physical NIC, and
> > building up a subnet with NAT and hence running Packet Filter as the
> > machine's firewall.
> >
> > That's the firewall I use under Win7, OpenBSD running in a VM, out of
> > pure interest into running BSD and let it purify the network access to
> > desktop (without need for additional hardware).
> >
> > Works well, love it.
> >
> > Jean-François
>
> I like having a firewall that would pretty much require someone physically
> entering the computer room in order to attack the firewall. With OpenBSD,
> your firewall can control your network traffic without having an IP address
> at all.
>
> One thing that you could try is to use the OpenBSD VM as the firewall, but
> don't assign any IP address to the firewall. The Win7 VM would have the
> actual IP address, but the OpenBSD VM would control the network.
>
> If I ever get around to getting enough IPv4 addresses so that I don't need
> a NAT, I'll go back to isolating access to the firewall with this approach.
>
> I am curious if there is any way to attack the firewall if it has no IP
> addresses.
>
> W
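
The address-less firewall discussed in this thread only stays unreachable at the IP layer while no bridge member is ever given an address. As an added example (not part of the original thread), this script audits hostname.if(5) files for that condition; the interface names bridge0, em0 and em1 and the sample files are constructed assumptions.

```shell
#!/bin/sh
# Added example: audit hostname.if(5) files so that no member of a filtering
# bridge carries an IP address. Interface names and files are constructed.

# Print the member interfaces named after each "add" in hostname.<bridge>.
bridge_members() {   # $1 = config dir, $2 = bridge name
    awk '{ for (i = 1; i < NF; i++) if ($i == "add") print $(i + 1) }' \
        "$1/hostname.$2"
}

# Print every member whose hostname.if file has an inet, inet6 or dhcp line.
addressed_members() {   # $1 = config dir, $2 = bridge name
    for ifc in $(bridge_members "$1" "$2"); do
        f="$1/hostname.$ifc"
        [ -f "$f" ] || continue
        if grep -Eq '^[[:space:]]*(inet6?|dhcp)([[:space:]]|$)' "$f"; then
            echo "$ifc"
        fi
    done
}

# Write a constructed, address-less bridge configuration into directory $1.
make_sample() {
    echo 'add em0 add em1 up' > "$1/hostname.bridge0"
    echo 'up' > "$1/hostname.em0"
    echo 'up' > "$1/hostname.em1"
}

# Demo on a scratch directory; on a real system pass /etc instead.
d=$(mktemp -d)
make_sample "$d"
echo "clean config, addressed members: $(addressed_members "$d" bridge0)"
echo 'inet 192.0.2.10 255.255.255.0' > "$d/hostname.em1"   # constructed mistake
echo "after edit, addressed members: $(addressed_members "$d" bridge0)"
rm -rf "$d"
```

An empty result means the bridge members are configured without addresses; any name printed is an interface that would give the firewall an IP presence on that segment.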