Full Disclosure mailing list archives

Re: Lets discuss, Firewalls...


From: "Ben Nelson" <lists () venom600 org>
Date: Sat, 30 Aug 2003 09:44:26 -0600

On August 29, 9:33 pm "Mike @ Suzzal.net" <mike () suzzal net> wrote:

Can you get to it? How?

Possibly.  Source routed packets.


Do you still need a firewall? Why?


Yes. To block source routed packets. There may be a registry setting to not
accept source routed packets on windows...I'm not sure.  On linux you'd:
echo 0 > /proc/sys/net/ipv4/conf/<interface>/accept_source_route

Do that once for each interface on your box.

Another reason to have a firewall is to limit outbound traffic.  Say you
click on an email file attachment ( i.e. a really 'wicked' screensaver ;)
and your box gets infected with some worm.  Do you really want your box to
be able to advertise to the world that it's infected....and possibly infect
other boxes?

--Ben

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Current thread: