Full Disclosure mailing list archives

Re: RFC 3514 released


From: Ron DuFresne <dufresne () winternet com>
Date: Tue, 1 Apr 2003 09:44:34 -0600 (CST)


And others are right up on its implications and options:

From: Mikael Olsson <mikael.olsson () clavister com>
Subject: [fw-wiz] Clavister Proudly Announces RFC3514 Compliance
Organization: Clavister AB
Date: Tue, 01 Apr 2003 13:23:30 +0200
To: fw-wiz <firewall-wizards () honor icsalabs com>


An innovative security initiative                  Örnsköldsvik, Sweden
--------------------------------                          April 1, 2003

Clavister AB is proud to present the world's first RFC3514
compliant network firewall product. In a proactive move,
Clavister implemented the "IPRF" consistency check five
years ago, making its firewall software RFC3514 compliant
before the fact.

With the release of the innovative security initiative
outlined in ftp://ftp.rfc-editor.org/in-notes/rfc3514.txt ,
Clavister will rename this setting to "IPEvilFlag" and change
its configurable set from "Ignore", "Strip" and "Drop" to
"Drop" and "HALT" in the new feature release scheduled
for April 31.

"We foresee a huge demand for the added HALT functionality.
With it, a firewall administrator will be able to cause the
firewall's CPU to immediately halt and cease forwarding traffic
when it sees evil IP datagrams", says Mikael Olsson, R&D Manager
at Clavister. "At this point, the administrator can connect to
the in-kernel debugger via XMLRPC and fully examine the state
of the state table as well as the packet buffers, and carefully
consider whether the firewall should continue to execute or
simply keep it halted until the attack has blown past."

"This represents a great leap forward in security for IP networks.
We applaud Steve Bellovin's ingeniousness in engineering this
fundamental change to the IP protocol.", concludes John Vestberg,
Vice President, Security.



Thanks,

Ron DuFresne

--



On Tue, 1 Apr 2003, John Cartwright wrote:

Hi

Steve Bellovin has released an important new RFC:

RFC 3514: The Security Flag in the IPv4 Header
ftp://ftp.rfc-editor.org/in-notes/rfc3514.txt

- John
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.
