Bugtraq mailing list archives

Re: Crafted Packets Handling by Firewalls - FW-1 case

From: avalon () COOMBS ANU EDU AU (Darren Reed)
Date: Fri, 21 Jan 2000 11:39:09 +1100


In some mail from Ofir Arkin, sie said:


I will try to focus more on the subject.

FW-1 do accept:  ACK, SYN-ACK, NULL, FIN-ACK  (and more) as valid
traffic if they match the rule base, even if no connection establishment
was in progress and no session state was in the firewalls table.

[...]

FW-1's behaviour in this respect has been discussed at length in the
past and last year a patch was released by them for their base INSPECT
code which changed the behaviour to not be this way.  A patch, which
fixes this problem, was made available due to DoS problems.  I believe
this URL will help you:

http://www.checkpoint.com/techsupport/alerts/ackdos.html

Darren

Current thread:

Trusted process on an untrusted machine?, (continued)
- - - Trusted process on an untrusted machine? Mike Frantzen (Jan 18)
    - Re: Trusted process on an untrusted machine? Pavel Machek (Jan 19)
    - Re: Trusted process on an untrusted machine? Mike Frantzen (Jan 19)
    - Re: Trusted process on an untrusted machine? Pavel Machek (Jan 20)
    - Re: Trusted process on an untrusted machine? Tim Newsham (Jan 19)
    - Re: Trusted process on an untrusted machine? Anonymous Anonymous (Jan 19)
    - Re: Trusted process on an untrusted machine? Crispin Cowan (Jan 19)
    - Crafted Packets Handling by Firewalls - FW-1 case Ofir Arkin (Jan 19)
    - Rh 6.1 initial root password encryption Ken Barber (Jan 20)
    - Re: Rh 6.1 initial root password encryption Fabian Kroenner (Jan 22)
    - Re: Crafted Packets Handling by Firewalls - FW-1 case Darren Reed (Jan 20)
    - Microsoft Security Bulletin (MS00-005) Microsoft Product Security (Jan 17)
    - Re: Microsoft Security Bulletin (MS00-005) bugtraq () NS DOOMSDAY COM (Jan 19)
    - Re: Microsoft Security Bulletin (MS00-005) Matt Davis (Jan 19)
    - Re: Microsoft Security Bulletin (MS00-005) Tabor J. Wells (Jan 19)
    - Unixware ppptalk what's your style? (Jan 19)
    - Re: Unixware ppptalk Andrew Malcolm (Jan 21)
    - Re: IIS still revealing paths for web directories Henrik Nordstrom (Jan 15)
    - Re: IIS still revealing paths for web directories Antonio Ropero (Jan 15)
    - Re: IIS still revealing paths for web directories Chris Tobkin (Jan 18)
    - SRS Addendum Matt Conover (Jan 12)

(Thread continues...)