Firewall Wizards mailing list archives

Re: OBSD reaction to CERT advisory


From: Darren Reed <darrenr () reed wattle id au>
Date: Thu, 10 Oct 2002 23:45:48 +1000 (EST)

In some email I received from Daniel Hartmeier, sie wrote:
> [...]
> Mikael, can you recommend a suitable OS and ftp daemon combination that
> allows testing (the ftp server has commands that quote queries in the
> needed way and the OS' stack does partial retransmissions)?

Tell me what fool would agree to this setup?

This is like a "Watch me tunnel IP packets over DNS and show you how
your firewall does not stop me hacking internal boxes" where someone gets
to pick the DNS server on the inside and outside.  Pick a vendor's
distribution that you think will work.

That brings me to another point, that was sorely missed in all the
public material I've seen so far, except maybe by Sun (and in the
wrong way) and that is you need a very special ftp daemon (i.e. not
any of the vendor ones I have tried) before it will stand a chance
of defeating IPFilter.

Darren