OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Bugtraq Archives: Re: Crafted Packets Handling by Firewalls - F

Re: Crafted Packets Handling by Firewalls - FW-1 case


Subject: Re: Crafted Packets Handling by Firewalls - FW-1 case
From: Darren Reed (avalonCOOMBS.ANU.EDU.AU)
Date: Thu Jan 20 2000 - 18:39:09 CST


In some mail from Ofir Arkin, sie said:
>
> I will try to focus more on the subject.
>
> FW-1 do accept: ACK, SYN-ACK, NULL, FIN-ACK (and more) as valid
> traffic if they match the rule base, even if no connection establishment
> was in progress and no session state was in the firewalls table.
[...]

FW-1's behaviour in this respect has been discussed at length in the
past and last year a patch was released by them for their base INSPECT
code which changed the behaviour to not be this way. A patch, which
fixes this problem, was made available due to DoS problems. I believe
this URL will help you:

http://www.checkpoint.com/techsupport/alerts/ackdos.html

Darren



This archive was generated by hypermail 2b27 : Fri Jan 21 2000 - 15:24:53 CST