Re: Crafted Packets Handling by Firewalls - FW-1 case
From: Darren Reed (avalon COOMBS.ANU.EDU.AU)
Date: Thu Jan 20 2000 - 18:39:09 CST
In some mail from Ofir Arkin, sie said:
>
> I will try to focus more on the subject.
>
> FW-1 does accept: ACK, SYN-ACK, NULL, FIN-ACK (and more) as valid
> traffic if they match the rule base, even if no connection establishment
> was in progress and no session state was in the firewall's table.
[...]
FW-1's behaviour in this respect has been discussed at length in the
past and last year a patch was released by them for their base INSPECT
code which changed the behaviour to not be this way. A patch, which
fixes this problem, was made available due to DoS problems. I believe
this URL will help you:
http://www.checkpoint.com/techsupport/alerts/ackdos.html
Darren
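
The behaviour discussed in this thread, as an added example that is not part of the original message and is not Check Point's INSPECT code: a simplified model of a packet filter in which `strict=False` passes any TCP packet that matches the rule base, and `strict=True` lets only a bare SYN open a connection and requires existing state for everything else. The rule base, addresses and function names are constructed for illustration.

```python
from typing import NamedTuple

FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10

class Pkt(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    flags: int

ALLOWED_DPORTS = {80}  # constructed rule base: permit traffic to port 80 only

def conn_key(p):
    # Direction-independent key so replies match the same state entry.
    return frozenset([(p.src, p.sport), (p.dst, p.dport)])

def filter_packet(p, state, strict=True):
    """Return 'accept' or 'drop' for packet p; state is a set of connection keys."""
    k = conn_key(p)
    if k in state:
        if p.flags & RST:
            state.discard(k)          # a reset tears the tracked connection down
        return "accept"
    if p.dport not in ALLOWED_DPORTS:
        return "drop"
    if not strict:
        return "accept"               # rule match alone is enough, no state needed
    if p.flags & (SYN | ACK | FIN | RST) == SYN:
        state.add(k)                  # only a bare SYN may create state
        return "accept"
    return "drop"                     # ACK, SYN-ACK, NULL, FIN-ACK ... without state

def demo(strict):
    # Constructed sample packets: the four flag combinations named in the thread,
    # each on its own source port, arriving with no prior connection.
    state = set()
    combos = {"ACK": ACK, "SYN-ACK": SYN | ACK, "NULL": 0, "FIN-ACK": FIN | ACK}
    out = {}
    for i, (name, flags) in enumerate(combos.items()):
        pkt = Pkt("192.0.2.10", 40000 + i, "198.51.100.5", 80, flags)
        out[name] = filter_packet(pkt, state, strict)
    return out

if __name__ == "__main__":
    print("rule-base only:", demo(strict=False))
    print("state required:", demo(strict=True))
```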
This archive was generated by hypermail 2b27 : Fri Jan 21 2000 - 15:24:53 CST