Possible security hole

chkaSOLUTIONS.IE

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: The ADM Crew: "Re: ADM w0rm"
• Previous message: Gregory A. Carter: "Re: FrontPage + Apache + FreeBSD"
• Next in thread: Cristiano Lincoln Mattos: "Re: Possible security hole"

Hi,

   I tried to ping a NT box with FW1 installed while it was booting. I
don't know if this is bad (I believe that it is) but look the ping
replies:

$ ping xxx.xxx.xxx.xxx
PING xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx): 56 data bytes
64 bytes from xxx.xxx.xxx.xxx: icmp_seq=25 ttl=122 time=48.3 ms
64 bytes from xxx.xxx.xxx.xxx: icmp_seq=26 ttl=122 time=104.3 ms
64 bytes from xxx.xxx.xxx.xxx: icmp_seq=27 ttl=122 time=115.4 ms
64 bytes from xxx.xxx.xxx.xxx: icmp_seq=28 ttl=122 time=130.9 ms
64 bytes from xxx.xxx.xxx.xxx: icmp_seq=29 ttl=122 time=142.5 ms
64 bytes from xxx.xxx.xxx.xxx: icmp_seq=30 ttl=122 time=158.7 ms
64 bytes from xxx.xxx.xxx.xxx: icmp_seq=31 ttl=122 time=162.6 ms
64 bytes from xxx.xxx.xxx.xxx: icmp_seq=32 ttl=122 time=68.4 ms
64 bytes from xxx.xxx.xxx.xxx: icmp_seq=33 ttl=122 time=57.1 ms
64 bytes from xxx.xxx.xxx.xxx: icmp_seq=34 ttl=122 time=68.5 ms

--- xxx.xxx.xxx.xxx ping statistics ---
49 packets transmitted, 10 packets received, 79% packet loss
round-trip min/avg/max = 48.3/105.6/162.6 ms

The first 25 packets were lost before the interface's initialization. The
packets with sequence number greater than 34 are droped from the firewall.
What about the packets with sequence number 25-34? Is it possible that
someone can use this time (after the interface's initialization and before
the firewall's initialization) to do something bad?

Regards,
Christofer

• Next message: The ADM Crew: "Re: ADM w0rm"
• Previous message: Gregory A. Carter: "Re: FrontPage + Apache + FreeBSD"
• Next in thread: Cristiano Lincoln Mattos: "Re: Possible security hole"