Re: Possible security hole
Ryan Russell (Ryan.Russell SYBASE.COM) Sun, 28 Mar 1999 19:07:57 -0800
- Next message: Doug Granzow: "Re: Melissa Macro Virus"
- Previous message: Nick FitzGerald: "Re: Malicious code detection and full disclosure"
- Maybe in reply to: Christoforos Karatzinis: "Possible security hole"
- Next in thread: Darren Reed: "Re: Possible security hole"
>The first 25 packets were lost before the interface's initialization. The
>packets with sequence number greater than 34 are dropped from the firewall.
>What about the packets with sequence number 25-34? Is it possible that
>someone can use this time (after the interface's initialization and before
>the firewall's initialization) to do something bad?

Absolutely. There is a period of time while the FW is booting when the
OS is up, but the FW software is not. FW-1 makes no attempt to hook
the IP stack in such a way as to prevent this. You MUST secure the
underlying OS ON YOUR OWN. FW-1 does NOT "harden" the OS.

As for pings being dropped... it's not unusual for some OSes
(IOS included) to respond to pings, and then not, and then
respond again during a boot. The second time not responding
may be when the FW software kicked in, depending on the rules
set.

Ryan
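
Added example, not part of the original post: one way to turn a ping log taken while rebooting your own firewall into a measured exposure window, covering both the single gap in the quoted report and the respond/stop/respond pattern mentioned in the reply. The `(seq, replied)` input format, the one-probe-per-second interval, the function names and the sample data are assumptions made for this sketch.

```python
"""Added example: estimate the boot-time exposure window from a ping log."""
from itertools import groupby

# Constructed sample: one probe per second against a rebooting firewall,
# shaped like the quoted report (1-24 lost, 25-34 answered, 35+ dropped).
SAMPLE = [(seq, 25 <= seq <= 34) for seq in range(1, 61)]


def reply_runs(probes):
    """Collapse (seq, replied) pairs into (replied, first_seq, last_seq) runs."""
    runs = []
    for replied, group in groupby(sorted(probes), key=lambda p: p[1]):
        seqs = [seq for seq, _ in group]
        runs.append((replied, seqs[0], seqs[-1]))
    return runs


def exposure_windows(probes, interval_s=1.0):
    """Return every run of answered probes, with an estimated duration.

    A run of replies means the OS was answering on that interface. If the
    run is followed by silence ("closed"), filtering started or the host
    went down again; a run that never closes means the probe was never
    filtered during the capture. Ping only shows reachability of the box
    itself, so treat the result as an estimate for the unfiltered period.
    """
    runs = reply_runs(probes)
    windows = []
    for i, (replied, first, last) in enumerate(runs):
        if not replied:
            continue
        windows.append({
            "first_seq": first,
            "last_seq": last,
            "seconds": (last - first + 1) * interval_s,
            "closed": i + 1 < len(runs),  # runs alternate, so next one is silence
        })
    return windows


if __name__ == "__main__":
    for w in exposure_windows(SAMPLE):
        state = "then filtered/down" if w["closed"] else "never filtered"
        print(f"seq {w['first_seq']}-{w['last_seq']}: "
              f"~{w['seconds']:.0f}s answering, {state}")
```

More than one closed window in the output corresponds to the respond, stop, respond again behaviour during boot; only the last one before lasting silence lines up with the firewall software loading.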