[luau] TCP Packet filtering
Ben Beeson
beesond001 at hawaii.rr.com
Tue May 6 19:45:00 PDT 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Aloha all,
I saw the following advisory today in the Linux Today news letter and was
wondering if the MonMotha firewall is effected by this behavior in its as
delivered form.
- ------------------------------------------------------------------
SCO OPENLINUX ADVISORY: TCP_SEC
"Allowing TCP packets with both the SYN and FIN bits set
significantly improve an attacker's chances of circumventing
a firewall..."
COMPLETE STORY:
http://linuxtoday.com/security/2003050501726SCCDSW
More Security stories: http://linuxtoday.com/security
- ------------------------------------------------------------------
In short, the article referred to at
http://www.securityfocus.com/archive/1/296122/2002-10-19/2002-10-25/2
implies that by carefully forming the flags, you could work around or bypass
a firewall device. The article also recommends adding rules to drop these
'malformed' packets to avoid the problem altogether. I browsed the MonMotha
firewall that I am using now and didn't see any lines of code that obviously
match the suggested examples in the security focus article, but then again,
I'm no wizard at IPTABLES, so I thought I'd ask and see if someone more
knowledgeable than me could help.
Mahalos in advance,
Ben
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE+uJ0q2CQyDWFa64MRAkzOAJ0a6m6XgrXqT78bw5O8s+1dndwvQgCfaVZl
HtgcoGzu/PKLXwljzaAXuOE=
=tYS0
-----END PGP SIGNATURE-----
More information about the LUAU
mailing list