Bugtraq mailing list archives
Re: Possible security hole
From: Ryan.Russell () SYBASE COM (Ryan Russell)
Date: Sun, 28 Mar 1999 19:07:57 -0800
The first 25 packets were lost before the interface's initialization. The packets with sequence number greater than 34 are droped from the firewall. What about the packets with sequence number 25-34? Is it possible that someone can use this time (after the interface's initialization and before the firewall's initialization) to do something bad?
Absolutely. There is a period of time while the FW is booting when the OS is up, but the FW software is not. FW-1 makes no attempt to hook the IP stack in such a way to prevent this. You MUST secure the underlying OS ON YOUR OWN. FW-1 does NOT "harden" the OS.. As for pings being dropped.. it's not unusual for some OSes (IOS included) to respond to pings, and then not, and then respond again during a boot. The second time not responding may be when the FW software kicked it, depending on the rules set. Ryan
Current thread:
- Re: Possible security hole Ryan Russell (Mar 28)
- Re: Possible security hole Darren Reed (Mar 29)
- <Possible follow-ups>
- Re: Possible security hole Cristiano Lincoln Mattos (Mar 29)
- Re: Possible security hole Warren Barrow (Mar 29)
- Re: Possible security hole Ryan Russell (Mar 29)