Firewall Wizards mailing list archives
Re: Firewall comparison in Data Communications
From: Robert Graham <robert_david_graham () yahoo com>
Date: Sat, 29 May 1999 15:21:59 -0700 (PDT)
It depends on where a firewall hooks into the TCP/IP stack. I know that BlackICE (an IDS with some minor firewall functionality) hooks in between the adapter and the TCP/IP stack. Because of this, it has to completely re-implement the TCP/IP stack that it is filtering, meaning any/all features/bugs of the Microsoft stack are irrelevant. Ergo, BlackICE blocks source routed packets. AFAIK, all the NT firewalls work in the same manner, with the possible exception of MS Proxy server.

However, Microsoft has created APIs for Windows 2000 in order to make firewalls easier. They also have published the source code for their Windows 2000 TCP/IP stack (though I believe it to be the source for the beta, they may hide the source to the release version). In any event, I've heard Windows 2000 also can be configured to block source routed packets.

--- Matt Curtin <cmcurtin () interhack net> wrote:
> Hmm. I saw no mention of attempts to source-route traffic. I have been told that NT doesn't have the ability to detect and block source-routed packets. Are NT firewalls somehow detecting and dropping these things these days? Or is it true that NT firewalls are unable to block this attack without help from another component with half a brain (i.e., having the access router drop source routed stuff)?
> --
> Matt Curtin cmcurtin () interhack net http://www.interhack.net/people/cmcurtin/