Firewall Wizards mailing list archives
Re: Penetration testing via shrinkware
From: "tqbf" <ashland () pobox com>
Date: Mon, 21 Sep 1998 18:34:34 -0400 (EDT)
> True, but the same can be said for firewalls, in that there are always new attack mechanisms being developed to defeat firewalls; so in a sense they are never complete either. Certification of firewalls is usually
I do not believe this is the case. I think most attacks against firewalls (attacks designed to subvert the protection provided by firewalls) take advantage of implementation problems (ie, SYN+FIN ignored) or design problems (ie, first-fragment filtering). These problems exploit defects in firewall software; they violate design requirements.

The discovery of the ToolTalk RPC hole last month did not violate a design goal of CCS or ISS; neither product was designed to detect the problem. When detection of this vulnerability is built into scanner products, failure to detect the ttdbserverd overflow will be a defect, in the same sense as bad fragment filtering is a defect in a firewall.

We're comparing apples to oranges here, though.

-----------------------------------------------------------------------------
Thomas H. Ptacek
Network Security Research Team, NAI
-----------------------------------------------------------------------------
"If you're so special, why aren't you dead?"