Firewall Wizards mailing list archives

Re: Use of single port aggregations to enhance security

From: ArkanoiD <ark () eltex net>
Date: Sat, 9 Jan 2010 11:26:15 +0300

I thought *every* operating system follows the rule "apply
packet filtering first, bring interfaces up later" nowdays?

On Wed, Jan 06, 2010 at 06:12:46AM +1100, Darren Reed wrote:

So what difference can this make?

If you're using an operating system based firewall (Linux,
BSD, Solaris), then depending on the order of the operating
system enabling firewalls capabilities vs networking, there
may be windows where packets are able to reach code paths
that they weren't intended for because nic drivers start
servicing packets quite early.


_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Use of single port aggregations to enhance security Darren Reed (Jan 07)
- Re: Use of single port aggregations to enhance security Paul Melson (Jan 08)
- Re: Use of single port aggregations to enhance security ArkanoiD (Jan 11)
  - Re: Use of single port aggregations to enhance security david (Jan 12)