Firewall Wizards mailing list archives
Re: CERT vulnerability note VU# 539363 (fwd)
From: Mike Frantzen <frantzen () w4g org>
Date: Tue, 22 Oct 2002 12:25:01 -0400
Mike's "reference" here is the hash table IPFilter uses (maybe others). FWIW, it gets distributed with a predefined size and most likely most people never change this. That said, nobody has ever come to me and said "here's a patch to fix it" or "my firewall is running like a dog because of this attack". Be that as it may, code has been in place for some time to address this issue, in future, using a secret.
Most firewalls I've seen used a hash table that could be attacked. Linux's Netfilter (2.4 and 2.5) too. It chooses its size based on the memory size in the machine though. Hell. I wrote one a few summers back over the course of a few weekends which had a very easily attacked state table too. I'm looking forward to how you incorporate a secret into the hash. There isn't enough good cryptographer blood in me to trust myself to write a safe hash function.

.mike
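The effect of putting a secret into a state-table hash, as an added example that is not part of the original message and is not IPFilter or Netfilter code: it compares the longest bucket chain for an unkeyed hash and a keyed one over the same flows. The XOR-fold hash, the 256-bucket table, the flow values and the fixed key are constructed for the demonstration, and SipHash-2-4 is used as a published keyed hash; the thread does not say which function IPFilter adopted.

```c
#include <stdint.h>
#include <stdio.h>

#define NBUCKETS 256   /* fixed, compiled-in table size (assumed for the demo) */
#define NFLOWS   256
#define ROTL(x, b) (((x) << (b)) | ((x) >> (64 - (b))))
#define SIPROUND do { v0 += v1; v1 = ROTL(v1, 13); v1 ^= v0; v0 = ROTL(v0, 32); \
    v2 += v3; v3 = ROTL(v3, 16); v3 ^= v2; v0 += v3; v3 = ROTL(v3, 21); v3 ^= v0; \
    v2 += v1; v1 = ROTL(v1, 17); v1 ^= v2; v2 = ROTL(v2, 32); } while (0)

struct flow { uint32_t src, dst; uint16_t sport, dport; };

/* Unkeyed XOR-fold: a constructed stand-in for a predictable state-table hash. */
static uint32_t hash_unkeyed(const struct flow *f) {
    uint32_t h = f->src ^ f->dst ^ (((uint32_t)f->sport << 16) | f->dport);
    return (h ^ (h >> 16)) % NBUCKETS;
}

/* SipHash-2-4 over the tuple packed into two 64-bit words, keyed with k0/k1. */
static uint32_t hash_keyed(const struct flow *f, uint64_t k0, uint64_t k1) {
    uint64_t m[3] = { ((uint64_t)f->src << 32) | f->dst,
                      ((uint64_t)f->sport << 16) | f->dport,
                      (uint64_t)16 << 56 };   /* final block: message length only */
    uint64_t v0 = k0 ^ 0x736f6d6570736575ULL, v1 = k1 ^ 0x646f72616e646f6dULL;
    uint64_t v2 = k0 ^ 0x6c7967656e657261ULL, v3 = k1 ^ 0x7465646279746573ULL;
    for (int i = 0; i < 3; i++) { v3 ^= m[i]; SIPROUND; SIPROUND; v0 ^= m[i]; }
    v2 ^= 0xff; SIPROUND; SIPROUND; SIPROUND; SIPROUND;
    return (uint32_t)((v0 ^ v1 ^ v2 ^ v3) % NBUCKETS);
}

/* Longest bucket chain after inserting NFLOWS constructed flows. */
int max_chain(int keyed) {
    /* Fixed demo secret; a real table would draw it from the system RNG at boot. */
    const uint64_t k0 = 0x0706050403020100ULL, k1 = 0x0f0e0d0c0b0a0908ULL;
    int chain[NBUCKETS] = {0}, longest = 0;
    for (uint32_t i = 0; i < NFLOWS; i++) {
        /* Source address and source port vary together so they cancel under XOR. */
        struct flow f = { 0x0a000001u ^ (i << 16), 0xc0a80001u,
                          (uint16_t)(0x4000u ^ i), 80 };
        uint32_t b = keyed ? hash_keyed(&f, k0, k1) : hash_unkeyed(&f);
        if (++chain[b] > longest) longest = chain[b];
    }
    return longest;
}

int main(void) {
    printf("unkeyed: %d  keyed: %d\n", max_chain(0), max_chain(1));
    return 0;
}
```

The longest chain is the number a table owner would watch: with the unkeyed hash every constructed flow lands in one bucket, while the keyed hash spreads the same flows because bucket placement depends on a value the sender does not know.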