Firewall Wizards: Re: Firewall-Wizards Digest V1 #311

Re: Firewall-Wizards Digest V1 #311

From: Ryan Russell <Ryan.Russell_at_sybase.com>
Date: Tue, 1 Jun 1999 20:27:59 -0700

Proxies can't do this without an extra shim of some sort,
FW-1 doesn't do it.. which firewalls do? I believe most
rely on the OS to take care of it, or expect it shut off at the
routers. Besides, you want to be able to configure that off
in the OS, as another item on your hardening list to make
it fail closed, or as closed as possible.

                         Ryan

The ability to detect source route packets is
"generally" provided by the firewall software that one
installs. The driver in most of the firewalls detects
the IP options in the IP packet and takes a decision
on the necessary action as configured.
The NT OS or the Unix OS do not detect source
routed packets. So one would need another software
to detect such packets, and one would in all
probability do this with a firewall software....
Received on Jun 03 1999
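
An added example, not part of the original thread: a Python sketch of the check the quoted message describes, walking the IPv4 header options and flagging loose (type 131) or strict (type 137) source-route options. The function names, the drop-on-malformed policy, and the sample headers are constructed for illustration.

```python
import struct

# IPv4 option types (RFC 791): 0 = end of list, 1 = no-op,
# 131 = loose source route (LSRR), 137 = strict source route (SSRR).
SOURCE_ROUTE = {131: "LSRR", 137: "SSRR"}

def source_route_options(packet: bytes) -> list:
    """Return source-route options in an IPv4 header; ValueError if malformed."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    header_len = (packet[0] & 0x0F) * 4
    if header_len < 20 or header_len > len(packet):
        raise ValueError("bad header length")
    found, i = [], 20
    while i < header_len:
        opt = packet[i]
        if opt == 0:                      # end of option list
            break
        if opt == 1:                      # single-byte no-op padding
            i += 1
            continue
        if i + 1 >= header_len:
            raise ValueError("truncated option")
        length = packet[i + 1]
        if length < 2 or i + length > header_len:
            raise ValueError("bad option length")
        if opt in SOURCE_ROUTE:
            found.append(SOURCE_ROUTE[opt])
        i += length
    return found

def verdict(packet: bytes) -> str:
    """Drop source-routed packets, and anything unparseable (fail closed)."""
    try:
        return "drop" if source_route_options(packet) else "pass"
    except ValueError:
        return "drop"

def build_header(options: bytes = b"") -> bytes:
    """Constructed sample header (checksum left at 0), options padded to 4 bytes."""
    options += b"\x00" * (-len(options) % 4)
    fixed = struct.pack("!BBHHHBBH4s4s", 0x40 | (5 + len(options) // 4), 0,
                        20 + len(options), 0, 0, 64, 6, 0,
                        bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return fixed + options

PLAIN = build_header()
# NOP, then LSRR: type 131, length 7, pointer 4, one hop (203.0.113.9)
LSRR = build_header(b"\x01\x83\x07\x04" + bytes([203, 0, 113, 9]))
```

Treating a malformed option list as a drop matches the fail-closed posture Ryan describes: a packet the filter cannot parse is not forwarded.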
