Bugtraq mailing list archives

Re: Ambiguities in TCP/IP - firewall bypassing

From: daw () mozart cs berkeley edu (David Wagner)
Date: 19 Oct 2002 00:18:50 GMT

Paul Starzetz  wrote:

We believe that the flaws we have detected have a big impact on 
design of firewalls and packet filters since an improper implementation 
can easily lead to serious security problems.


Is there any reason to expect that such improper implementation
would be common?

As far as I know, the common case is packet filters that look at
only the ACK and SYN bits.  A typical configuration: All incoming
packets with the ACK bit set are allowed, as are all outgoing packets.
The anomalies you found don't seem to pose any problems for such a
style of configuration.

Are you aware of any common configurations that are at risk?

Current thread:

Re: Ambiguities in TCP/IP - firewall bypassing, (continued)
- - - Re: Ambiguities in TCP/IP - firewall bypassing Alun Jones (Oct 18)
    - RE: Ambiguities in TCP/IP - firewall bypassing John Fitzgerald (Oct 19)
    - Re: Ambiguities in TCP/IP - firewall bypassing Tony Finch (Oct 19)
    - Re: Ambiguities in TCP/IP - firewall bypassing Alan DeKok (Oct 18)
    - Re: Ambiguities in TCP/IP - firewall bypassing Luis Bruno (Oct 19)
    - Re: Ambiguities in TCP/IP - firewall bypassing Lyndon Nerenberg (Oct 21)
- Re: Ambiguities in TCP/IP - firewall bypassing Florian Weimer (Oct 18)
  - Re: Ambiguities in TCP/IP - firewall bypassing cbrenton (Oct 19)
  - Re: Ambiguities in TCP/IP - firewall bypassing Aaron Hopkins (Oct 19)
    - Re: Ambiguities in TCP/IP - firewall bypassing Florian Weimer (Oct 22)
- Re: Ambiguities in TCP/IP - firewall bypassing David Wagner (Oct 19)
- RE: Ambiguities in TCP/IP - firewall bypassing Ofir Arkin (Oct 22)