RE: port 256/257 and firewall-1

Scott Blake (blakenetegrity.com)
Tue, 28 Oct 1997 07:39:54 -0500

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Next message: C Matthew Curtin: "Re: cost of frame relay snooping"
• Previous message: Ted Doty: "Re: cost of frame relay snooping"

As I said, limited testing. I've tested out of band data and a few fuzz
tests. FW-1 appears to simply ignore everything that isn't strictly
what it wants. Clearly, I don't have the definitive answer on this
subject. Perhaps someone with more time could take this ball and report
their results?

-s

Scott Blake, Network Security Architect
Netegrity, Inc.
blakesecurity.com

> -----Original Message-----
> From: Paul D. Robertson [SMTP:probertsclark.net]
> Sent: Thursday, October 23, 1997 9:23 AM
> To: Scott Blake
> Cc: firewall-wizardsnfr.net
> Subject: RE: port 256/257 and firewall-1
>
> On Wed, 22 Oct 1997, Scott Blake wrote:
>
> > they appear to be reasonably safe against DoS attacks (I'd love to
> hear
>
> Can you define what sorts of DoS attacks you've tried?
>
> eg:
>
> Fragmented packets with missing fragments
> Packets sourced from loopback
> Extremely large packets
> Extremely small packets
> Floods
> Broadcasts
> /dev/random payloads
> etc....
>
> Thanks,
>
> Paul
> ----------------------------------------------------------------------
> -------
> Paul D. Robertson "My statements in this message are personal
> opinions
> probertsclark.net which may have no basis whatsoever in fact."
>
> PSB#9280

• Next message: C Matthew Curtin: "Re: cost of frame relay snooping"
• Previous message: Ted Doty: "Re: cost of frame relay snooping"

This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:09:47 CDT