NFR Wizards Archive: RE: Firewall comparison in Data Communicat

RE: Firewall comparison in Data Communications


Alexander Schreiber (Alexander.Schreiberinformatik.tu-chemnitz.de)
Wed, 2 Jun 1999 12:41:00 +0200 (MET DST)


On Mon, 31 May 1999, Brian Steele wrote:

> <newbie-mode>What's a "source-routed packet"? And what danger does it pose
> to a Firewall?</newbie-mode>

It's a packet that contains a list of nodes to route it through. If you know
enough about the network structure behind a gateway machine (simple router,
firewall, ...) that does _not_ drop such packets on the floor you can happily
access machines that you should not be able to.

Every at least partly sane network admin therefore has his systems configured
to drop this kind of packet right on the floor - and probably report them
as a _very_ lame attack attempt.

Regards,
        Alex.

-- 
------------------------------------------------------------------------------ 
 EMail : alsinformatik.tu-chemnitz.de | WWW : http://www.tu-chemnitz.de/~als
 If privacy is outlawed, only outlaws will have | Ceterum censeo Parva Mollia
 privacy. (Philip Zimmerman, author of PGP)     | esse delendam.



This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:18:59 CDT