Re: Firewall robustness

[Bill Stout <stoutb () pios com>]

At 12:36 PM 10/2/97 +0100, Thierry GUINET wrote:
> This being said here is my question: Is it correct to believe that
> attacks directed against the TCP/IP stack (like the famous (infamous?)
> OOB attack family ) could lead to crash an NT Firewall where a Unix
> based firewall should continue to run?

There are a number of things from the network that can 'Blue Screen' an NT
box, most of those are fixed as soon as they are discovered.  If NT was
Mature, those issues would have been history, and we would not be finding
those new issues (isn't that reiterative?).  For use as a firewall, most
vulnerable ports are disabled.  The network stack is also supposed to be
replaced in most NT firewalls with known code.  However it appears that the
people hired to code the stack are usually MS-experienced programmers, and
cut-and-paste or otherwise make the same mistakes that MS did, leading to
similar vulnerabilities on different port numbers.

I have a draft 'NTexploits II' page at
http://www.geocities.com/researchtriangle/3372/ (hey, it was free!) which
also contains quite a few BSOD vulnerabilities.

Bill Stout