nanog mailing list archives
Re: Dynamic routing on firewalls.
From: Valdis.Kletnieks () vt edu
Date: Mon, 09 Feb 2015 09:14:16 -0500
On Mon, 09 Feb 2015 11:54:04 -0200, Patrick Tracanelli said:
> On a bridged firewall you can have the behavior you want, whatever it is. Passing packets when the firewall is down, but the box still up.
Owen's point is that passing packets if the firewall is down is really poor security-wise. If you run in that configuration, I simply DoS your firewall (probably from one set of IP addresses), and then once it has fallen over and is being bypassed, I send my *real* malicious traffic from some other IP address, totally uninspected and unhindered. Much hilarity, hijinks, and pwnage ensues.