|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
RE: Firewall comparison in Data Communications
Russ (Russ.Cooper
rc.on.ca)
Wed, 2 Jun 1999 22:40:01 -0400
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
- Next message: Steven M. Bellovin: "Re: Anybody have a clue why..."
- Previous message: Ge' Weijers: "Re: Interesting DNS Traffic -Reply"
- In reply to: Einar EINARSSON: "Re: Interesting DNS Traffic -Reply"
If you want to make "any/all feature/bugs of the Microsoft stack
irrelevant", you need to do more than simply replace TCPIP.SYS. You need
to either implement an NDIS Wrapper or replace/provide an NDIS driver
and tied TCPIP.SYS driver.
Otherwise the NDIS components could accept and forward packets destined
for other protocols (e.g. DLC, NetBEUI, NWLink).
Replacing TCPIP.SYS alone is not enough to make the statement you've
made. If there is a TDI interface from the replacement TCPIP.SYS, then,
possibly, much of NT's "feature/bugs" might be exploitable. An
interesting experiment which I haven't seen reported before might be the
use of TDITrace (from the NT Resource Kit) on boxes that "harden" the MS
TCP/IP implementation (either through replacement or otherwise) to see
just what gets passed.
While some changes are expected in Windows 2000, I've still yet to hear
anyone claim that they'll be able to implement either TCPWrappers or
IPFilter-like functionality on W2K.
Cheers,
Russ - NTBugtraq Editor
- Next message: Steven M. Bellovin: "Re: Anybody have a clue why..."
- Previous message: Ge' Weijers: "Re: Interesting DNS Traffic -Reply"
- In reply to: Einar EINARSSON: "Re: Interesting DNS Traffic -Reply"
This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:18:59 CDT