On Fri, Mar 26, 1999 at 05:13:37PM +0000, Christoforos Karatzinis wrote:
: The first 25 packets were lost before the interface's initialization. The
: packets with sequence number greater than 34 are droped from the firewall.
: What about the packets with sequence number 25-34? Is it possible that
: someone can use this time (after the interface's initialization and before
: the firewall's initialization) to do something bad?
Prior to version 2.1c of FW-1, you used to be able to.. 2.1c and later
by default have an option activated to disable IP forwarding after
interfaces are initialized, but before the fwd is started. If you're
running 2.1c or later, you have to explicitly turn this option OFF in
order to be vulnerable.
What you were probably seeing is a chain of events like:
start pinging external interface of fw
interfaces come up
receive echo replies
fwd starts
FW-1 policy has the firewall "stealthed", so your echos get dropped.
--
Jason Costomiris <><
Technologist, cryptogeek, human.
jcostom {at} jasons {dot} org | http://www.jasons.org/
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:40:50 PDT