Firewall Wizards: RE: port 256/257 and firewall-1

[Scott Blake <blake () netegrity com>]

That's (at least theoretically) correct.  It also has an anti-spoofing
mechanism whereby it compares the source IP against the permitted
addresses for an interface.  That procedure is supposed to take place in
the kernel module -- I can neither confirm nor deny that it actually
occurs there.

Scott Blake, Network Security Architect
Netegrity, Inc.
blake () security com

> -----Original Message-----
> From: mattias.lindstrom () infohwy se [SMTP:mattias.lindstrom () infohwy se]
> Sent: Monday, November 03, 1997 3:33 AM
> To:   'Scott Blake'
> Cc:   firewall-wizards () nfr net
> Subject:      SV: port 256/257 and firewall-1
>
> Well, correct me if I´m wrong but doesn´t FW-1 check the source adress
> against it table of permitted GUI clients?
> If the packet comes from a non-permitted client it just discards it.
> But, I could be wrong.
>
>
> Mattias Lindström     +46 (0)8 445 1842, +46 (0)708 46 1842 (fax)
> Information Highway AB        +46 (0)708 45 1842 (mobile)
> Torget 1, Box 1507    mattias.lindstrom () infohwy se
> 172 29 Sundbyberg     
> SWEDEN                http://www.infohwy.se
>
>
>       -----Ursprungligt meddelande-----
>       Från:   Scott Blake [SMTP:blake () netegrity com]
>       Skickat:        Tuesday, October 28, 1997 1:40 PM
>       Till:   Paul D. Robertson
>       Kopia:  firewall-wizards () nfr net
>       Ämne:   RE: port 256/257 and firewall-1
>
>       As I said, limited testing.  I've tested out of band data and a
> few fuzz
>       tests.  FW-1 appears to simply ignore everything that isn't
> strictly
>       what it wants.  Clearly, I don't have the definitive answer on
> this
>       subject.  Perhaps someone with more time could take this ball
> and report
>       their results?
>
>       -s
>
>       Scott Blake, Network Security Architect
>       Netegrity, Inc.
>       blake () security com