Firewall Wizards mailing list archives

Re: Cisco PIX bug, discussions (lengthy)


From: "Ryan Russell" <Ryan.Russell () sybase com>
Date: Wed, 26 Aug 1998 08:00:25 -0700


Some tests I and others on the FW-1 mailing list
have done suggest those statements are incorrect.
At least, it doesn't under all circumstances.

                         Ryan



Firewall-1 v3.0 manual, p350:

"Firewall-1 performs virtual packet reassembly, and does not send a packet
until all its fragments have been collected.  The algorithm used is
stricter than the standard packet reassembly algorithm, and does not
permit overlays".

So it would appear that at least one SMLI firewall on the market does
defrag.  Of course this takes us back to the DoS attacks hinted at
previously...

-Euan.





