Re: Free Firewalls? Thoughts...

[Mikael Olsson <mikael.olsson () clavister com>]

David Lang wrote:
> the advantage [of halted-mode operation firewalls] is that even if 
> you are running from a floppy you have a full userspace environment 
> to run programs in, once the machine has halted you don't even have 
> init, the only thing that is running is the kernel passing traffic.

I'd just like to point out here, in case someone has missed it, that
this is still exploitable.  Buffer overruns or format string attacks
or whatnot are still just as effective attacks; the CPU is still
executing code, and code can still be injected.

Of course, "meaningful" exploitation becomes harder because of the
obstacles mentioned, so this is (still) an effective deterrent 
for the everyday script kiddie, and an effective means of keeping
cluon-challenged coworkers from running stuff on the firewall.
And, of course, you're eliminating the risk of "ooops, did I leave
RPC running?".

I'm just saying that, for determined attackers, and assuming there's
something in the firewall or kernel to attack, it's still doable.
And since some people are in the habit of publishing point-and-click
attack tools once they've coded them ... :/


-- 
Mikael Olsson, Clavister AB
Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden
Phone: +46 (0)660 29 92 00   Mobile: +46 (0)70 26 222 05
Fax: +46 (0)660 122 50       WWW: http://www.clavister.com
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards