Penetration Testing mailing list archives
Is ipchains -y secure enough?
From: "Philip Stoev" <philip () stoev org>
Date: Mon, 4 Jun 2001 17:57:00 +0300
Excuse me for the ignorance, but I would like to ask if the community considers ipchains rules containing the -y flag as secure for the purpose of TCP filtering. Such a rule will prevent the stablishment of TCP connections to the host being firewalled. Is there a way to curcumvent such a protection? I am mostly interested if direct attacks (as if there is no firewall rule at all) are possible. I know that if there is a broken proxy server or a web interface or something else that can be used as a launch pad, such filters may not help. However, what can an attacker do to a filtered service if no other vulnerable or insecure service exists? We assume that there are no UDP services running on the machine being firewalled (as -y filters do not apply to those) and that the TCP/IP stacks are stable enough (no DoS conditions, floods, etc.). Yes, I know that port scanners can bypass -y filters and still map the host being firewalled, however is there more that can be done against such a host? Thanks in advance. Philip
Current thread:
- Is ipchains -y secure enough? Philip Stoev (Jun 04)
- RE: Is ipchains -y secure enough? Golden_Eternity (Jun 05)
- Re: Is ipchains -y secure enough? Marius Huse Jacobsen (Jun 07)
- <Possible follow-ups>
- RE: Is ipchains -y secure enough? Firehose () cavu com (Jun 24)
- RE: Is ipchains -y secure enough? Golden_Eternity (Jun 05)