In some mail I received from Marcus J. Ranum, sie wrote
[...]
> >That is: Even though the setup was flawless, is there a known DOS-Attack
> >against these systems, can they be manipulated or do they pass data they
> >are not supposed to pass etc?
>
> Denial of service attacks have been known to work on several
> of the proxy type firewalls (which usually rely more on the
> vendor's provided IP stack) -- but just about *ANYTHING* seems
> to be vulnerable to some sort of denial of service attack. The
> more interesting problems are the ones where the firewall
> may start to pass data it's not supposed to -- those are less
> common bugs but they have happened as well.
An interesting one I was told about with FW-1 was with their remote
log monitoring. If you connected from a remote location, i.e. over
the Internet, to the workstation to examine logs, the logging would
fall over in a heap and not restart until you were able to do it from
the console (or wherever you need to be to do that). Whilst not a
DOS, per se, if an unfriendly were to do that, you'd be without any
sort of log information...
Darren
Received on Nov 08 1997
Intro
