Firewall Wizards mailing list archives
Re: Firewall comparison in Data Communications
From: Nicolas FISCHBACH <nicolist () adec fr>
Date: Sat, 29 May 1999 23:22:20 +0200
Matt Curtin wrote:
Hmm. I saw no mention of attempts to source-route traffic. I have been told that NT doesn't have the ability to detect and block source-routed packets. Are NT firewalls somehow detecting and dropping these things these days? Or is it true that NT firewalls are unable to block this attack without help from another component with half a brain (i.e., having the access router drop source routed stuff)?
It seems that SP5 (for NT4) fixes this. According to KB article Q217336 you can disable the "TCP/IP Source Routing Feature" via a new registry key (http://support.microsoft.com/support/kb/articles/Q217/3/36.asp). I didn't have time to check if it works and if source routed datagrams only get dropped or also logged (in the case of a normal -not a firewall- server). nico. -- ------------- Nicolas FISCHBACH [nicolas () adec fr] ------------- Responsable Reseaux, Systemes et Securite ADELIS - groupe B.I.C Network/System Administrator ADEC http://www.adec.fr/nicolas Webmaster TIP6 http://tip6.lip6.fr Gsm: +33 (0)6.08.68.93.28
Current thread:
- Firewall comparison in Data Communications David Newman (May 22)
- Re: Firewall comparison in Data Communications Matt Curtin (May 28)
- Re: Firewall comparison in Data Communications Nicolas FISCHBACH (May 30)
- <Possible follow-ups>
- Re: Firewall comparison in Data Communications Robert Graham (May 30)
- Re: Firewall comparison in Data Communications Matt Curtin (May 28)