Firewall Wizards mailing list archives
Re: CERT vulnerability note VU# 539363
From: "R. DuFresne" <dufresne () sysinfo com>
Date: Wed, 16 Oct 2002 09:56:00 -0400 (EDT)
On Wed, 16 Oct 2002, Paul D. Robertson wrote:
> On Wed, 16 Oct 2002, Mikael Olsson wrote:
>
> > Although this is something that people need to keep in mind when picking / designing a firewall, I'd argue that anything north of a stateless packet filter is going to be vulnerable to these sort of attacks.
>
> So will anything south of a firewall- hosts aren't immune to flooding attacks either, with or without state, nor are routers...
>
> > If you keep state, you will be vulnerable to state table overflows.
>
> I don't know that "overflow" is the right word here, "exhaustion" seems more fitting. When I first looked at this, I kind of shrugged and said "So what?" the firewall is doing its job- stopping packets when there's an attack-

Although the second technique mentions the CRC host after the firewall attack seems to indicate otherwise, as the packets leave the gateway and hit the host, which then rejects the packets. It's that method that seems to be different, and perhaps an issue vendors now need to look into dealing with.

Thanks,

Ron DuFresne
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com

"Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart

testing, only testing, and damn good at it too!

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards