Firewall Wizards mailing list archives

Re: The Mathematics of Relative Security


From: "R. DuFresne" <dufresne () sysinfo com>
Date: Thu, 30 Sep 2004 02:21:06 -0400 (EDT)

On Sat, 25 Sep 2004, Mark Tinberg wrote:

On Tue, 21 Sep 2004, Chris Pugrud wrote:

TCP also introduces a wrinkle that is not easily covered by the set theory I
have learned, or I'm missing something - the concept of one-way membership.  If

I may wish to point out at this point that TCP connections are generally 
bidirectional.  A may only be able to initiate to B, but once that 
connection is established B can send potentially malicious data back to A.  
See vulnerabilities in web client software for an example of this 
practice.


Info flow is dual, but there is still the concept of the controlling
terminal, like in shell-related access, which seems to be defined by the
ability of sending the original SYN packet for setup.  So, a good firewall
setup can minimize the damage an overflow might have in such a setup, or
even a trojan/backdoor, or am I way off base here?


Thanks,

Ron DuFresne
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
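
Added example, not part of the original message or thread: a small Python model of a stateful filter in which the right to initiate (send the first SYN) is one-way, while data on an established connection flows both ways. Host names A and B follow the thread; the class, ports and policy are constructed for illustration.

```python
# Added illustration: a minimal stateful filter keyed on who sent the first SYN.
from dataclasses import dataclass, field


@dataclass
class StatefulFilter:
    # Directed pairs (initiator, responder) allowed to open a connection.
    may_initiate: set
    # Established flows: (initiator, responder, initiator_port, responder_port).
    established: set = field(default_factory=set)

    def packet(self, src, dst, sport, dport, flags):
        """Return True if the packet is forwarded, False if it is dropped."""
        if flags == "SYN":
            # Connection setup: only the one-way policy relation is consulted.
            if (src, dst) in self.may_initiate:
                self.established.add((src, dst, sport, dport))
                return True
            return False
        # Any other segment must belong to a known flow, in either direction.
        forward = (src, dst, sport, dport) in self.established
        reverse = (dst, src, dport, sport) in self.established
        return forward or reverse


def demo():
    # Constructed policy: A may initiate to B, B may not initiate to A.
    fw = StatefulFilter(may_initiate={("A", "B")})
    return {
        "A opens to B": fw.packet("A", "B", 40000, 80, "SYN"),
        "B answers SYN-ACK": fw.packet("B", "A", 80, 40000, "SYN-ACK"),
        "B sends data to A": fw.packet("B", "A", 80, 40000, "ACK"),
        "B opens to A": fw.packet("B", "A", 41000, 22, "SYN"),
        "B unsolicited data": fw.packet("B", "A", 80, 40001, "ACK"),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:22} {'forwarded' if ok else 'dropped'}")
```

The filter constrains which side can create a flow, not what B places in the replies A asked for, so content from B still reaches A on the connection A opened.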

