Firewall Wizards mailing list archives

Re: Firewall comparison in Data Communications


From: Robert Graham <robert_david_graham () yahoo com>
Date: Sat, 29 May 1999 15:21:59 -0700 (PDT)

It depends on where a firewall hooks into the TCP/IP stack. I know that
BlackICE (an IDS with some minor firewall functionality) hooks in
between the adapter and the TCP/IP stack. Because of this, it has to
completely re-implement the TCP/IP stack that it is filtering, meaning
any/all features/bugs of the Microsoft stack are irrelevant.

Ergo, BlackICE blocks source routed packets.

AFAIK, all the NT firewalls work in the same manner, with the possible
exception of MS Proxy server. However, Microsoft has created APIs for
Windows 2000 in order to make firewalls easier. They also have
published the source code for their Windows 2000 TCP/IP stack (though I
believe it to be the source for the beta, they may hide the source to
the release version).

In any event, I've heard Windows 2000 also can be configured to block
source routed packets.

--- Matt Curtin <cmcurtin () interhack net> wrote:
Hmm.  I saw no mention of attempts to source-route traffic.

I have been told that NT doesn't have the ability to detect and block
source-routed packets.  Are NT firewalls somehow detecting and
dropping these things these days?  Or is it true that NT firewalls are
unable to block this attack without help from another component with
half a brain (i.e., having the access router drop source routed
stuff)?

-- 
Matt Curtin cmcurtin () interhack net
http://www.interhack.net/people/cmcurtin/
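
The check that a filter sitting between the adapter and the TCP/IP stack has to make for itself, as an added example that is not part of the original message and is not BlackICE's or Microsoft's code: walk the IPv4 header options and drop anything carrying loose (type 131) or strict (type 137) source routing. The function name, the verdict enum and the sample packet are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define IPOPT_EOL  0    /* end of option list */
#define IPOPT_NOP  1    /* one-byte padding option */
#define IPOPT_LSRR 131  /* loose source and record route (RFC 791) */
#define IPOPT_SSRR 137  /* strict source and record route (RFC 791) */

enum verdict { PKT_PASS = 0, PKT_DROP_SOURCE_ROUTE = 1, PKT_DROP_MALFORMED = 2 };

/* Constructed sample: IPv4 header with IHL=7, a NOP, then a 7-byte LSRR option. */
const uint8_t constructed_lsrr_packet[28] = {
    0x47, 0x00, 0x00, 0x1c, 0x00, 0x00, 0x00, 0x00, 0x40, 0x06, 0x00, 0x00,
    0xc0, 0x00, 0x02, 0x01,  0xc6, 0x33, 0x64, 0x02,   /* src, dst */
    IPOPT_NOP, IPOPT_LSRR, 0x07, 0x04, 0xcb, 0x00, 0x71, 0x05
};

/* Inspect a raw IPv4 header (starting at the version/IHL byte). Malformed
 * option lists are dropped rather than handed on to the host stack. */
enum verdict check_ipv4_source_route(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return PKT_DROP_MALFORMED;
    size_t hlen = (size_t)(pkt[0] & 0x0f) * 4;   /* IHL counts 32-bit words */
    if (hlen < 20 || hlen > len)
        return PKT_DROP_MALFORMED;

    size_t i = 20;                               /* options follow the fixed header */
    while (i < hlen) {
        uint8_t type = pkt[i];
        if (type == IPOPT_EOL)
            break;
        if (type == IPOPT_NOP) { i++; continue; }
        if (i + 1 >= hlen)                       /* no room for the length byte */
            return PKT_DROP_MALFORMED;
        uint8_t optlen = pkt[i + 1];
        if (optlen < 2 || i + optlen > hlen)     /* must cover type+len and fit */
            return PKT_DROP_MALFORMED;
        if (type == IPOPT_LSRR || type == IPOPT_SSRR)
            return PKT_DROP_SOURCE_ROUTE;
        i += optlen;
    }
    return PKT_PASS;
}

int main(void)
{
    return check_ipv4_source_route(constructed_lsrr_packet, 28) == PKT_DROP_SOURCE_ROUTE ? 0 : 1;
}
```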





