That's (at least theoretically) correct. It also has an anti-spoofing
mechanism whereby it compares the source IP against the permitted
addresses for an interface. That procedure is supposed to take place in
the kernel module -- I can neither confirm nor deny that it actually
occurs there.
Scott Blake, Network Security Architect
Netegrity, Inc.
blake_at_security.com
> -----Original Message-----
> From: mattias.lindstrom_at_infohwy.se [SMTP:mattias.lindstrom_at_infohwy.se]
> Sent: Monday, November 03, 1997 3:33 AM
> To: 'Scott Blake'
> Cc: firewall-wizards_at_nfr.net
> Subject: SV: port 256/257 and firewall-1
>
> Well, correct me if I´m wrong but doesn´t FW-1 check the source adress
> against it table of permitted GUI clients?
> If the packet comes from a non-permitted client it just discards it.
> But, I could be wrong.
>
>
> Mattias Lindström +46 (0)8 445 1842, +46 (0)708 46 1842 (fax)
> Information Highway AB +46 (0)708 45 1842 (mobile)
> Torget 1, Box 1507 mattias.lindstrom_at_infohwy.se
> 172 29 Sundbyberg
> SWEDEN http://www.infohwy.se
>
>
> -----Ursprungligt meddelande-----
> Från: Scott Blake [SMTP:blake_at_netegrity.com]
> Skickat: Tuesday, October 28, 1997 1:40 PM
> Till: Paul D. Robertson
> Kopia: firewall-wizards_at_nfr.net
> Ämne: RE: port 256/257 and firewall-1
>
> As I said, limited testing. I've tested out of band data and a
> few fuzz
> tests. FW-1 appears to simply ignore everything that isn't
> strictly
> what it wants. Clearly, I don't have the definitive answer on
> this
> subject. Perhaps someone with more time could take this ball
> and report
> their results?
>
> -s
>
> Scott Blake, Network Security Architect
> Netegrity, Inc.
> blake_at_security.com
>
>
Received on Nov 03 1997
Intro
