Firewall Wizards mailing list archives
Re: Cisco PIX bug, discussions (lengthy)
From: Aleph One <aleph1 () dfw net>
Date: Thu, 27 Aug 1998 18:51:36 -0500 (CDT)
On Wed, 26 Aug 1998, John McDermott wrote:

> I agree here, too, which prompts a question: is there some (simple) attack I can use to demonstrate that SPFs in their current form(s) are (inherently) less secure than proxies? IOW I would like to set up a simple demo to show that the internal systems can be successfully attacked even with an SPF firewall in place. [I am *not* trying to prove SPFs better if such an attack cannot be found; but rather I'd like to demonstrate in a classroom that even with an SPF a network is not as secure as it might be.]

Use any DoS attack on the internal machine's TCP/IP stack (e.g. teardrop, land).

> --john
> -------------------------------------
> Name: John McDermott
> VOICE: 505/377-6293 FAX 505/377-6313
> E-mail: John McDermott <jjm () jkintl com>
> Writer and Computer Consultant
> -------------------------------------

Aleph One / aleph1 () dfw net
http://underground.org/
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01