Bugtraq mailing list archives
Re: Possible security hole
From: jcostom () JASONS ORG (Jason Costomiris)
Date: Mon, 29 Mar 1999 09:21:08 -0500
On Fri, Mar 26, 1999 at 05:13:37PM +0000, Christoforos Karatzinis wrote:
: The first 25 packets were lost before the interface's initialization. The
: packets with sequence number greater than 34 are droped from the firewall.
: What about the packets with sequence number 25-34? Is it possible that
: someone can use this time (after the interface's initialization and before
: the firewall's initialization) to do something bad?
Prior to version 2.1c of FW-1, you used to be able to.. 2.1c and later
by default have an option activated to disable IP forwarding after
interfaces are initialized, but before the fwd is started. If you're
running 2.1c or later, you have to explicitly turn this option OFF in
order to be vulnerable.
What you were probably seeing is a chain of events like:
start pinging external interface of fw
interfaces come up
receive echo replies
fwd starts
FW-1 policy has the firewall "stealthed", so your echos get dropped.
--
Jason Costomiris <><
Technologist, cryptogeek, human.
jcostom {at} jasons {dot} org | http://www.jasons.org/
Current thread:
- Re: FrontPage + Apache + FreeBSD Forrest J. Cavalier III (Mar 25)
- <Possible follow-ups>
- Re: FrontPage + Apache + FreeBSD Paul Schandel (Mar 26)
- Possible security hole Christoforos Karatzinis (Mar 26)
- Re: Possible security hole Jason Costomiris (Mar 29)
- Bypassing Excel Macro Virus Protection rotaiv (Mar 29)
- Re: FrontPage + Apache + FreeBSD Gregory A. Carter (Mar 26)
- Possible security hole Christoforos Karatzinis (Mar 26)
- Re: FrontPage + Apache + FreeBSD Paul Schandel (Mar 26)
- Re: FrontPage + Apache + FreeBSD -Reply Bob McConnell (Mar 29)