On Fri, Mar 26, 1999 at 05:13:37PM +0000, Christoforos Karatzinis wrote: : The first 25 packets were lost before the interface's initialization. The : packets with sequence number greater than 34 are droped from the firewall. : What about the packets with sequence number 25-34? Is it possible that : someone can use this time (after the interface's initialization and before : the firewall's initialization) to do something bad? Prior to version 2.1c of FW-1, you used to be able to.. 2.1c and later by default have an option activated to disable IP forwarding after interfaces are initialized, but before the fwd is started. If you're running 2.1c or later, you have to explicitly turn this option OFF in order to be vulnerable. What you were probably seeing is a chain of events like: start pinging external interface of fw interfaces come up receive echo replies fwd starts FW-1 policy has the firewall "stealthed", so your echos get dropped. -- Jason Costomiris <>< Technologist, cryptogeek, human. jcostom {at} jasons {dot} org | http://www.jasons.org/
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:40:50 PDT