Firewall Wizards mailing list archives

Re: Cisco PIX vulnerable to TCP RST DOS attacks


From: "Paul D. Robertson" <paul () compuwar net>
Date: Wed, 5 May 2004 08:38:42 -0400 (EDT)

On Wed, 5 May 2004, Ahmed, Balal wrote:

> If a PIX, or any other firewall/device for that matter, is performing
> NAPT/Hide NAT/PAT/NAT then as far as the TCP conversation is concerned is it
> a connection end point or a transit device ?

If it's a proxy, or a termination point for a connection such as a VPN,
then it's an endpoint, if it's a filter or router, then it's a transit
device.

It's possible for stateful filters to "fix" endpoint issues for this bug-
but it's not a default, and would have probably had to have been added
since the original advisory went out.  I'd like to see the firewall
vendors who can step up and fix this one- it's a perfect "we can fix this
without having folks update every system" thing that firewalls SHOULD fix.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure Corporation
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
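The "stateful filters can fix endpoint issues" point above can be made concrete. The following is an added example, not code from the list post or from any firewall vendor: a toy stateful filter that tracks the next sequence number expected from each side of a connection and forwards a RST only when its sequence number matches exactly, whereas an RFC 793 endpoint accepts any RST whose sequence number falls inside the receive window. The segment layout, the 65535-byte window, the addresses and the traffic trace are all constructed for the demo.

```python
"""Added example (not from the list post): a stateful transit filter that
only passes TCP RST segments whose sequence number exactly matches the next
sequence number expected from that side of the connection.  An RFC 793
endpoint accepts any in-window RST, which is what makes blind RST attacks
against long-lived sessions feasible; a filter in the path can apply the
stricter rule without touching the endpoints.  All values are constructed."""
from dataclasses import dataclass, field

MOD = 2 ** 32


@dataclass
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    seq: int
    flags: frozenset = field(default_factory=frozenset)
    payload_len: int = 0


def in_window(seq: int, nxt: int, window: int) -> bool:
    """True if seq lies in [nxt, nxt + window) modulo 2**32."""
    return (seq - nxt) % MOD < window


def rfc793_endpoint_accepts_rst(seq: int, rcv_nxt: int, window: int) -> bool:
    """What a plain RFC 793 receiver does: any in-window RST tears the connection down."""
    return in_window(seq, rcv_nxt, window)


class StatefulRstFilter:
    def __init__(self, window: int = 65535):
        self.window = window
        # (src, sport, dst, dport) -> next sequence number expected from src
        self.expected: dict = {}

    @staticmethod
    def _key(seg: Segment):
        return (seg.src, seg.sport, seg.dst, seg.dport)

    @staticmethod
    def _reverse_key(seg: Segment):
        return (seg.dst, seg.dport, seg.src, seg.sport)

    def process(self, seg: Segment) -> str:
        """Return 'forward' or 'drop' for one segment and update flow state."""
        key = self._key(seg)
        if "SYN" in seg.flags:
            # SYN (or SYN/ACK) opens state for this direction; SYN consumes one sequence number
            self.expected[key] = (seg.seq + 1) % MOD
            return "forward"
        nxt = self.expected.get(key)
        if nxt is None:
            return "drop"  # no tracked connection for this 4-tuple
        if "RST" in seg.flags:
            # strict rule: the RST must carry exactly the sequence number we expect next
            if seg.seq == nxt:
                self.expected.pop(key, None)
                self.expected.pop(self._reverse_key(seg), None)
                return "forward"
            return "drop"  # in-window-but-inexact or out-of-window RST is not passed on
        if not in_window(seg.seq, nxt, self.window):
            return "drop"
        if seg.seq == nxt:
            # in-order data advances the expected sequence number
            self.expected[key] = (nxt + seg.payload_len) % MOD
        return "forward"


def demo():
    """Constructed trace: handshake, 100 bytes of client data, two forged RSTs, one genuine RST."""
    f = StatefulRstFilter()
    c = ("10.0.0.5", 40000)      # constructed client
    s = ("192.0.2.10", 179)      # constructed server, a long-lived BGP-style session
    trace = [
        Segment(*c, *s, seq=1000, flags=frozenset({"SYN"})),
        Segment(*s, *c, seq=5000, flags=frozenset({"SYN", "ACK"})),
        Segment(*c, *s, seq=1001, flags=frozenset({"ACK"}), payload_len=100),  # expected becomes 1101
        Segment(*c, *s, seq=1500, flags=frozenset({"RST"})),    # forged: in window, wrong seq
        Segment(*c, *s, seq=900000, flags=frozenset({"RST"})),  # forged: out of window
        Segment(*c, *s, seq=1101, flags=frozenset({"RST"})),    # genuine: exact match
    ]
    return [f.process(seg) for seg in trace]


if __name__ == "__main__":
    print(demo())
    # the in-window forged RST the filter dropped would have been accepted by an RFC 793 endpoint
    print(rfc793_endpoint_accepts_rst(1500, 1101, 65535))
```

The trade-off is the one the post hints at with "it's not a default": the exact-match rule also drops a legitimate RST that arrives after data was lost in flight, so a vendor shipping this has to accept some stalled teardowns in exchange for closing the blind-RST window. RFC 5961 later addressed the same problem at the endpoint with a challenge ACK, which a transit device cannot issue on a connection it does not own.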

