Bugtraq mailing list archives

Re: Possible security hole

From: avalon () COOMBS ANU EDU AU (Darren Reed)
Date: Tue, 30 Mar 1999 09:13:50 +1000


In some mail from Ryan Russell, sie said:

The first 25 packets were lost before the interface's initialization. The
packets with sequence number greater than 34 are droped from the firewall.
What about the packets with sequence number 25-34? Is it possible that
someone can use this time (after the interface's initialization and before
the firewall's initialization) to do something bad?


Absolutely.  There is a period of time while the FW is booting when the
OS is up, but the FW software is not.  FW-1 makes no attempt to hook
the IP stack in such a way to prevent this.  You MUST secure the
underlying OS ON YOUR OWN.  FW-1 does NOT "harden" the OS..


I think you missed the point here...if the interfaces are UP, then
it's likely to be forwarding packets *through* the box...I don't
know if the NT version of FW-1 has a control ip forwarding option
as does the Solaris one, but it should.  (THe poster didn't say if
packets got through or if they even tested that).

Darren

Current thread:

Re: Possible security hole Ryan Russell (Mar 28)
- Re: Possible security hole Darren Reed (Mar 29)
- <Possible follow-ups>
- Re: Possible security hole Cristiano Lincoln Mattos (Mar 29)
- Re: Possible security hole Warren Barrow (Mar 29)
- Re: Possible security hole Ryan Russell (Mar 29)