NFR Wizards Archive: Re: Firewall-Wizards Digest V1 #311

Re: Firewall-Wizards Digest V1 #311


Carric Dooley (carriccom2usa.com)
Wed, 2 Jun 1999 10:11:04 -0400 (EDT)


I believe SP5 is supposed to address this for NT.

Carric Dooley
COM2:Interactive Media
http://www.com2usa.com

On Mon, 31 May 1999, Matt Curtin wrote:

> >>>>> On Mon, 31 May 1999 10:42:45 -0700 (PDT),
> Sandy Green <sand232yahoo.com> said:
>
> Sandy> The NT OS or the Unix OS do not detect source routed
> Sandy> packets. So one would need another software to detect such
> Sandy> packets, and one would in all probability do this with a
> Sandy> firewall software....
>
> That is not correct. Unix operating systems (specifically FreeBSD,
> NetBSD, OpenBSD, Linux, Solaris, and probably every other flavor) are
> capable of detecting source routed packets.
>
> With Unix there isn't the need for another layer of software to detect
> and to drop source-routed packets.
>
> Where another layer of software is involved anyway, the ability for
> the OS to detect such traffic is especially important when considering
> that in security systems--including firewalls--the "belt-and-
> suspenders" approach of redundancy should be the rule of design. That
> means that both the OS and the application(s) atop it should be
> configured to drop them. As should be router(s) around it.
>
> This way, if your application detects a source-routed packet, the
> correct behavior isn't simply to drop it, but to sound an alarm,
> because it means one of the other security mechanisms has been
> defeated.
>
> Thanks to everyone who answered my question. It sounds like, as
> usual, Microsoft's software doesn't deliver functionality that is
> absolutely critical in a security system, but they promise that it
> will be available in The Next Version. And so goes the vaporware from
> Redmond. That's why you'll find none of their cruft "protecting" any
> of my assets.
>
> --
> Matt Curtin cmcurtininterhack.net http://www.interhack.net/people/cmcurtin/
>
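The application-layer check discussed in this thread, as an added example that is not part of the original messages: it walks the options of a raw IPv4 header, reports any loose or strict source-route option (types 131 and 137 in RFC 791), and treats a hit or a malformed option list as an alarm rather than a silent drop. The function names and sample headers are constructed for illustration.

```python
# IPv4 option types from RFC 791: 131 and 137 are the source-route options.
OPT_EOL, OPT_NOP = 0, 1
SOURCE_ROUTE = {131: "LSRR", 137: "SSRR"}

# Constructed sample headers (documentation addresses, checksum left at zero).
PLAIN = bytes([0x45, 0, 0, 20, 0, 0, 0, 0, 64, 6, 0, 0,
               192, 0, 2, 1, 198, 51, 100, 7])
ROUTED = bytes([0x48, 0, 0, 32]) + PLAIN[4:] + bytes(
    [1, 131, 11, 4, 203, 0, 113, 5, 203, 0, 113, 9])  # NOP, then LSRR, 2 hops
TRUNCATED = bytes([0x46, 0, 0, 24]) + PLAIN[4:] + bytes([137, 40, 4, 0])


def source_route_options(packet: bytes) -> list:
    """Return (name, [hop addresses]) for each source-route option found.

    Raises ValueError on a malformed header or option list.
    """
    if len(packet) < 20:
        raise ValueError("shorter than a minimal IPv4 header")
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    if version != 4 or ihl < 5 or len(packet) < ihl * 4:
        raise ValueError("bad version or header length")
    opts, found, i = packet[20:ihl * 4], [], 0
    while i < len(opts):
        kind = opts[i]
        if kind == OPT_EOL:          # end of option list
            break
        if kind == OPT_NOP:          # single-byte padding option
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("option length runs past the header")
        length = opts[i + 1]
        if kind in SOURCE_ROUTE:
            # Layout: type, length, pointer, then 4-byte hop addresses.
            data = opts[i + 3:i + length]
            hops = [".".join(map(str, data[j:j + 4]))
                    for j in range(0, len(data) - 3, 4)]
            found.append((SOURCE_ROUTE[kind], hops))
        i += length
    return found


def verdict(packet: bytes) -> str:
    """'alarm' when source-routed or malformed: an outer layer let it through."""
    try:
        return "alarm" if source_route_options(packet) else "pass"
    except ValueError:
        return "alarm"
```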



This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:18:59 CDT