Firewall Wizards mailing list archives
Re: Firewalls that generate new packets..
From: Darren Reed <Darren.Reed () Sun COM>
Date: Wed, 28 Nov 2007 15:54:44 -0800
J. Oquendo wrote:
... On the flip side of this whole argument right here... Coming from an attack vector, I've pretty much shut down (local and remotely) three of the five firewalls I mentioned with a DoS tool I wrote that is being looked at by 2 of the five mentioned. Isn't that ironic... Here they are protecting, yet here they are all vulnerable at the bottom of it all. I cannot, will not post any coding probably ever because I do not believe there are fixes (legacy TCP thing I believe). PSIRT has tinkered with it for the past 60+ days without a resolution. The other vendor solely sent a generic "eye eye Spock we will look at it!" but my guess is they'd rather spend money on inviting us all to continental breakfast and a movie (hey you got that too!) To be fair to firewall vendors about this attack though, it pretty much shuts down anything connected period, from a DSL --> DS3 goodbye. So I guess it would be fair to state that as opposed to seeming as if I'm pointing a finger at the entire firewall industry.
This kind of attitude really annoys the heck out of me. There are more people that care about hearing about these styles of problems than those 5 companies. Put up or shut up - at present, what you're describing sounds like something you can talk about to make yourself seem clever as there is no acknowledgement from anyone else that what you've thought of works. It's highly doubtful that you've run across something that nobody else has and email like this does nothing except spread FUD. Darren _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Firewalls that generate new packets.., (continued)
- Re: Firewalls that generate new packets.. Paul D. Robertson (Nov 30)
- Re: Firewalls that generate new packets.. Fetch, Brandon (Nov 30)
- ***SPAM*** Re: Firewalls that generate new packets.. Dave Piscitello (Nov 30)
- Re: Firewalls that generate new packets.. Patrick M. Hausen (Nov 28)
- Re: Firewalls that generate new packets.. Paul D. Robertson (Nov 28)
- Re: Firewalls that generate new packets.. Marcus J. Ranum (Nov 28)
- Re: Firewalls that generate new packets.. Marcus J. Ranum (Nov 28)
- Re: Firewalls that generate new packets.. Darden, Patrick S. (Nov 28)
- Re: Firewalls that generate new packets.. Tina Bird (Nov 27)
- Re: Firewalls that generate new packets.. J. Oquendo (Nov 28)
- Re: Firewalls that generate new packets.. Darren Reed (Nov 28)
- Re: Firewalls that generate new packets.. Darden, Patrick S. (Nov 28)
- Re: Firewalls that generate new packets.. Darren Reed (Nov 28)
- Re: Firewalls that generate new packets.. Darden, Patrick S. (Nov 28)
- Re: Firewalls that generate new packets.. Paul D. Robertson (Nov 28)
- Re: Firewalls that generate new packets.. Darden, Patrick S. (Nov 29)
- Re: Firewalls that generate new packets.. Paul D. Robertson (Nov 29)
- Re: Firewalls that generate new packets.. Darden, Patrick S. (Nov 30)
- Re: Firewalls that generate new packets.. AMuse (Nov 28)
- Re: Firewalls that generate new packets.. Marcus J. Ranum (Nov 28)
- Re: Firewalls that generate new packets.. AMuse (Nov 28)