Bugtraq mailing list archives

Re: Possible security hole

From: Ryan.Russell () SYBASE COM (Ryan Russell)
Date: Sun, 28 Mar 1999 19:07:57 -0800

The first 25 packets were lost before the interface's initialization. The
packets with sequence number greater than 34 are droped from the firewall.
What about the packets with sequence number 25-34? Is it possible that
someone can use this time (after the interface's initialization and before
the firewall's initialization) to do something bad?


Absolutely.  There is a period of time while the FW is booting when the
OS is up, but the FW software is not.  FW-1 makes no attempt to hook
the IP stack in such a way to prevent this.  You MUST secure the
underlying OS ON YOUR OWN.  FW-1 does NOT "harden" the OS..

As for pings being dropped.. it's not unusual for some OSes
(IOS included) to respond to pings, and then not, and then
respond again during a boot.  The second time not responding
may be when the FW software kicked it, depending on the rules
set.

                         Ryan

Current thread:

Re: Possible security hole Ryan Russell (Mar 28)
- Re: Possible security hole Darren Reed (Mar 29)
- <Possible follow-ups>
- Re: Possible security hole Cristiano Lincoln Mattos (Mar 29)
- Re: Possible security hole Warren Barrow (Mar 29)
- Re: Possible security hole Ryan Russell (Mar 29)