RE: Firewall comparison in Data Communications

[W J La Cholter <tck () giage com>]

I know Gauntlet 1.1 for Windows NT, which came out in July 1997, blocked
source-routed traffic.  It was the first version with kernel-level
changes for filtering and transparency.  We implemented the same
algorithms for screening packets as Gauntlet 3 for UNIX.

Most NT firewalls that have a kernel-mode driver should be able to
screen source-routed packets and other nasties.
-
W. J. La Cholter <blacholter () giage com> - Giage
PGP 5 Fingerprint: 79E0 EE3A 2EC1 2303 624C  AE99 F31B 972B F24F 688E



-----Original Message-----
From: Matt Curtin [mailto:cmcurtin () interhack net]
Sent: Monday, May 24, 1999 10:22 PM
To: David Newman
Cc: firewall-wizards () nfr net; firewalls () lists gnac net
Subject: Re: Firewall comparison in Data Communications


Hmm.  I saw no mention of attempts to source-route traffic.

I have been told that NT doesn't have the ability to detect and block
source-routed packets.  Are NT firewalls somehow detecting and
dropping these things these days?  Or is it true that NT firewalls are
unable to block this attack without help from another component with
half a brain (i.e., having the access router drop source routed
stuff)?

-- 
Matt Curtin cmcurtin () interhack net
http://www.interhack.net/people/cmcurtin/
-
[To unsubscribe, send mail to majordomo () lists gnac net with
"unsubscribe firewalls" in the body of the message.]