Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Ambiguities in TCP/IP - firewall bypassing
From: daw () mozart cs berkeley edu (David Wagner)
Date: 19 Oct 2002 00:18:50 GMT

Paul Starzetz  wrote:
We believe that the flaws we have detected have a big impact on 
design of firewalls and packet filters since an improper implementation 
can easily lead to serious security problems.

Is there any reason to expect that such improper implementation
would be common?

As far as I know, the common case is packet filters that look at
only the ACK and SYN bits.  A typical configuration: All incoming
packets with the ACK bit set are allowed, as are all outgoing packets.
The anomalies you found don't seem to pose any problems for such a
style of configuration.

Are you aware of any common configurations that are at risk?

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]