Firewall Wizards mailing list archives
RE: COmpare Firewalls
From: "Joe Ippolito" <joe () joesnet com>
Date: Thu, 9 Sep 1999 07:48:33 -0700
I know that MS has addressed problems like "ping of death" to NT with previous service packs; see http://support.microsoft.com/support/kb/articles/Q132/4/70.asp for a really old one. Does anyone out there know whether NT 4 SP5 (without MS Proxy's packet filter) is still vulnerable to such attacks? Just curious.

-----Original Message-----
From: Darren Reed [mailto:darrenr () reed wattle id au]
Sent: Thursday, September 09, 1999 5:16 AM
To: dwelch () best com
Cc: joe () joesnet com; firewall-wizards () nfr net
Subject: Re: COmpare Firewalls

In some email I received from Dameon D. Welch, sie wrote:
> An application layer filter can not protect your OS against certain DOS attacks such as a Ping of Death. A ping of death causes problems at the IP stack, which an application can not effectively protect. An application can filter based on IP addresses, but it's more like an access list for the application (like TCP Wrappers) versus kernel-level packet filtering.
Is this just ignorance or what?

Well, I guess it depends on _what_ you consider as being "protected" here. If you want to include the firewall itself, then if it just does application proxying, sure, it may die from the Ping of Death. But unless their product is a total piece of garbage, whatever is behind it should be immune to the Ping of Death. (When I say garbage, I'm implying that they must have an ICMP relay program that not only receives a PoD without dying but creates one itself, which I would consider rather extraordinary for a firewall to do).

FWIW, the application proxy should be able to do filtering on things like source routing (socket options), bad source addresses/port numbers - other nasty packets such as those fragmented inside the TCP header aren't going to be a worry because they need to be reassembled by the proxy firewall and will be treated as a whole by the firewall and not resent on as those nastygrams.

Darren