Bugtraq mailing list archives
Re: Possible security hole
From: avalon () COOMBS ANU EDU AU (Darren Reed)
Date: Tue, 30 Mar 1999 09:13:50 +1000
In some mail from Ryan Russell, sie said:
The first 25 packets were lost before the interface's initialization. The packets with sequence number greater than 34 are droped from the firewall. What about the packets with sequence number 25-34? Is it possible that someone can use this time (after the interface's initialization and before the firewall's initialization) to do something bad?Absolutely. There is a period of time while the FW is booting when the OS is up, but the FW software is not. FW-1 makes no attempt to hook the IP stack in such a way to prevent this. You MUST secure the underlying OS ON YOUR OWN. FW-1 does NOT "harden" the OS..
I think you missed the point here...if the interfaces are UP, then it's likely to be forwarding packets *through* the box...I don't know if the NT version of FW-1 has a control ip forwarding option as does the Solaris one, but it should. (THe poster didn't say if packets got through or if they even tested that). Darren
Current thread:
- Re: Possible security hole Ryan Russell (Mar 28)
- Re: Possible security hole Darren Reed (Mar 29)
- <Possible follow-ups>
- Re: Possible security hole Cristiano Lincoln Mattos (Mar 29)
- Re: Possible security hole Warren Barrow (Mar 29)
- Re: Possible security hole Ryan Russell (Mar 29)