[comp.protocols.tcp-ip] Can "springboarding" be prevented?

DAMIAN@SRLVX0.SRL.FORD.COM ("Jerry Damian") (03/25/91)

Netlanders,
	Is there a way to prevent selected user(s) from TELNETing to other hosts once s/he has TELNETed in? I would like to be able to limit TCP/IP services in
general to particular users depending upon the subnet from where they came. Things like secure inetd work with incoming connections, but is there anything I can use to limit outgoing connections based on where the call originated?

				Thanks in advance,
				Jerry Damian
				Ford Motor Co.
				damian@srlvx0.srl.ford.com

DAMIAN@srlvx0.srl.ford.com ("Jerry Damian") (03/26/91)

Netlanders,

   The problem of "springboarding" I posted to this mail group on 3/25/91 can better be described
with the following figure:

                   -----     -----    56kb link
                  | WSB |   | RTB |-------
                  |     |   |     |      /      -----
                   -----     -----      -------| RTA |
                     |         |               |     |
                     |         |                -----
                     |         |                  | 
            isolated | subnet  |           remote | subnet          
            -------------------------      ------------------
                          |                            |
                          |                            |
                        -----                        -----
                       | RTC |                      | WSA |
                       |     |                      |     |
                        -----                        -----
                          |
                    local | subnet
                  ------------------
                     |         |
                   -----     -----
                  | WSC |   | WSD |
                  |     |   |     |
                   -----     -----

   where:
          WS[A-D] = workstations
          RT[A-C] = routers with filters

 Problem: WSA is a workstation on a remote subnet. A user on WSA needs to
 TELNET to WSC on the local subnet in order to use resources there. However,
 once that user has connected to WSC what (if anything) can be used to prevent
 him/her from using WSC as a "springboard" to attempt to break into machines on
 the local subnet i.e. WSD? At the same time a user from WSC must still be
 able to connect to WSD. I need a way to restrict TCP/IP services on WSC based
 on whether the call originated from the remote subnet.

 Note: Any user on WSA wanting to connect to WSC must first TELNET to WSB
 as a first line of defense. This can be accomplished via filters (IP address
 and port number) on RTB and RTC. Also, once the user from WSA has gotten
 past WSB and RTC and is connected to WSC, his/her packets cannot be distinguished
 from a local user on WSC wanting to use resources on WSD.

 What are my options? Simply isolating WSC on its own subnet won't help. Is some kind
 of a kernel modification required? If so, what?

				Thanks in advance,
				Jerry Damian
				Ford Motor Company
				damian@srlvx0.srl.ford.com
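One way to act on the distinction both posts ask for, as an added example that is not part of the original thread: at the IP layer WSC cannot tell a springboarding session from a local one, but the login record on WSC (the host field that `who` prints from utmp) still carries where each session came from. The script below parses `who`-style output, marks a session as remote if its origin is WSB (the mandatory hop) or any address in the remote subnet, and emits a per-user outbound filter for such sessions. The addresses (RFC 5737 documentation ranges standing in for the figure), the `who` lines and the `iptables` owner-match rule are all assumptions, not anything the thread states; they illustrate the mechanism, not Ford's network.

```python
# Added example (not from the original thread): classify login sessions on WSC
# by origin and derive an outbound restriction for springboarding sessions.
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

# Assumed addressing for the figure in the post (RFC 5737 documentation ranges).
REMOTE_SUBNET = ipaddress.ip_network("192.0.2.0/24")    # where WSA lives
LOCAL_SUBNET = ipaddress.ip_network("198.51.100.0/24")  # where WSC and WSD live
RELAY_WSB = ipaddress.ip_address("203.0.113.10")         # WSB, the mandatory hop in

# Matches "user tty date time (origin)"; the origin field is absent for console logins.
WHO_LINE = re.compile(
    r"^(?P<user>\S+)\s+(?P<tty>\S+)\s+\S+\s+\S+(?:\s+\((?P<origin>[^)]+)\))?\s*$"
)

# Constructed sample of `who` output on WSC (not real data).
SAMPLE_WHO = """\
damian   pts/0        1991-03-25 09:12 (203.0.113.10)
local1   pts/1        1991-03-25 09:20 (198.51.100.7)
ops      tty1         1991-03-25 08:00
guest    pts/2        1991-03-25 09:31 (192.0.2.5)
vendor   pts/3        1991-03-25 09:40 (relay.example)
"""


@dataclass(frozen=True)
class Session:
    user: str
    tty: str
    origin: Optional[str]  # host field recorded at login; None for the console


def parse_who(output: str) -> list[Session]:
    """Parse `who`-style lines into Session records."""
    sessions = []
    for line in output.splitlines():
        if not line.strip():
            continue
        m = WHO_LINE.match(line)
        if m is None:
            raise ValueError(f"unparseable who line: {line!r}")
        sessions.append(Session(m["user"], m["tty"], m["origin"]))
    return sessions


def session_is_remote(s: Session) -> bool:
    """True if the session came in via WSB or directly from the remote subnet.

    An origin that is not an IP literal (a hostname the login recorded) cannot
    be placed, so it is treated as remote: fail closed rather than open.
    """
    if s.origin is None:
        return False  # console login on WSC itself
    try:
        addr = ipaddress.ip_address(s.origin)
    except ValueError:
        return True
    return addr == RELAY_WSB or addr in REMOTE_SUBNET


def remote_ttys(output: str) -> list[str]:
    """Sorted list of ttys whose sessions originated outside the local subnet."""
    return sorted(s.tty for s in parse_who(output) if session_is_remote(s))


def egress_rules(s: Session) -> list[str]:
    """Outbound filter to apply for one session (assumed iptables owner-match syntax).

    A remote-originated session may not open new TCP connections from WSC to
    the local subnet; local and console sessions get no rule at all.
    """
    if not session_is_remote(s):
        return []
    return [
        f"iptables -A OUTPUT -p tcp --syn -d {LOCAL_SUBNET} "
        f"-m owner --uid-owner {s.user} -j REJECT"
    ]


if __name__ == "__main__":
    for sess in parse_who(SAMPLE_WHO):
        tag = "REMOTE" if session_is_remote(sess) else "local"
        print(f"{sess.user:8} {sess.tty:6} {tag}")
        for rule in egress_rules(sess):
            print("   ", rule)
```

The owner match binds the rule to an account, not to a session: if the same account is logged in locally and via WSB at the same time, the local session is restricted too, so this only cleanly separates remote from local users when they use different accounts (or when the hook installs the rule from a per-session PAM or login script and removes it at logout). It also covers only connections initiated on WSC; traffic that never leaves WSC is untouched.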