OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
NFR Wizards Archive: RE: Firewall comparison in Data Communicat

RE: Firewall comparison in Data Communications

W J La Cholter (tckgiage.com)
Wed, 2 Jun 1999 09:54:43 -0400

I know Gauntlet 1.1 for Windows NT, which came out in July 1997, blocked
source-routed traffic. It was the first version with kernel-level
changes for filtering and transparency. We implemented the same
algorithms for screening packets as Gauntlet 3 for UNIX.

Most NT firewalls that have a kernel-mode driver should be able to
screen source-routed packets and other nasties.
-
W. J. La Cholter <blacholtergiage.com> - Giage
PGP 5 Fingerprint: 79E0 EE3A 2EC1 2303 624C AE99 F31B 972B F24F 688E

-----Original Message-----
From: Matt Curtin [mailto:cmcurtininterhack.net]
Sent: Monday, May 24, 1999 10:22 PM
To: David Newman
Cc: firewall-wizardsnfr.net; firewallslists.gnac.net
Subject: Re: Firewall comparison in Data Communications

Hmm. I saw no mention of attempts to source-route traffic.

I have been told that NT doesn't have the ability to detect and block
source-routed packets. Are NT firewalls somehow detecting and
dropping these things these days? Or is it true that NT firewalls are
unable to block this attack without help from another component with
half a brain (i.e., having the access router drop source routed
stuff)? 

-- 
Matt Curtin cmcurtininterhack.net
http://www.interhack.net/people/cmcurtin/
-
[To unsubscribe, send mail to majordomolists.gnac.net with
"unsubscribe firewalls" in the body of the message.]

This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:18:59 CDT