nanog mailing list archives

Re: Dynamic routing on firewalls.

From: Valdis.Kletnieks () vt edu
Date: Mon, 09 Feb 2015 09:14:16 -0500

On Mon, 09 Feb 2015 11:54:04 -0200, Patrick Tracanelli said:

On a bridged firewall you can have the behavior you want, whatever it is. Passing packets with firewall is down, but 
the box still up.


Owen's point is that passing packets if the firewall is down is really poor
security-wise.   If you run in that configuration, I simply DoS your firewall
(probably from one set of IP addresses), and then once it has fallen over and
is being bypassed, I send my *real* malicious traffic from some other IP
address, totally uninspected and unhindered.  Much hilarity, hijinks, and
pwnage ensues.

Attachment: _bin
Description:

Current thread:

Re: Dynamic routing on firewalls., (continued)
- - - Re: Dynamic routing on firewalls. Owen DeLong (Feb 07)
    - Re: Dynamic routing on firewalls. BPNoC Group (Feb 08)
    - Re: Dynamic routing on firewalls. Jeff McAdams (Feb 08)
    - Re: Dynamic routing on firewalls. BPNoC Group (Feb 08)
    - Re: Dynamic routing on firewalls. Owen DeLong (Feb 08)
    - Re: Dynamic routing on firewalls. Rich Kulawiec (Feb 09)
    - Re: Dynamic routing on firewalls. Eugeniu Patrascu (Feb 09)
    - Re: Dynamic routing on firewalls. Patrick Tracanelli (Feb 08)
    - Re: Dynamic routing on firewalls. Owen DeLong (Feb 08)
    - Re: Dynamic routing on firewalls. Patrick Tracanelli (Feb 09)
    - Re: Dynamic routing on firewalls. Valdis . Kletnieks (Feb 09)
    - Re: Dynamic routing on firewalls. Patrick Tracanelli (Feb 09)
    - Re: Dynamic routing on firewalls. Valdis . Kletnieks (Feb 09)
    - Re: Dynamic routing on firewalls. Patrick Tracanelli (Feb 09)
  - Re: Dynamic routing on firewalls. Nicholas Oas (Feb 05)
- Re: Dynamic routing on firewalls. Craig (Feb 08)
  - RE: Dynamic routing on firewalls. Tony Wicks (Feb 08)