Re: Possible security hole

From: Ryan Russell (Ryan.Russellat_private)
Date: Sun Mar 28 1999 - 19:07:57 PST


    >The first 25 packets were lost before the interface's initialization. The
    >packets with sequence number greater than 34 are dropped from the firewall.
    >What about the packets with sequence number 25-34? Is it possible that
    >someone can use this time (after the interface's initialization and before
    >the firewall's initialization) to do something bad?
    
    Absolutely.  There is a period of time while the FW is booting when the
    OS is up, but the FW software is not.  FW-1 makes no attempt to hook
    the IP stack in such a way to prevent this.  You MUST secure the
    underlying OS ON YOUR OWN.  FW-1 does NOT "harden" the OS.
    
    As for pings being dropped.. it's not unusual for some OSes
    (IOS included) to respond to pings, and then not, and then
    respond again during a boot.  The second time not responding
    may be when the FW software kicked in, depending on the rules
    set.
    
                             Ryan
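
One way to measure the window discussed in this thread from a ping capture taken on a test host while the firewall reboots (an added example, not part of the original message). The sample output, the 192.0.2.1 address, the function names and the one-probe-per-second interval are assumptions made for illustration.

```python
import re

# Constructed sample: ping output captured while the firewall reboots.
# Sequence numbers follow the thread: 1-24 unanswered (interface not up),
# 25-34 answered, 35 onward unanswered (filter rules loaded).
SAMPLE = "\n".join(
    f"64 bytes from 192.0.2.1: icmp_seq={n} ttl=255 time=1.2 ms"
    for n in range(25, 35)
) + "\n--- 192.0.2.1 ping statistics ---\n40 packets transmitted, 10 received"

REPLY = re.compile(r"icmp_seq=(\d+)")
SENT = re.compile(r"(\d+) packets transmitted")


def reply_runs(ping_output):
    """Return (runs, sent); each run is an inclusive (first, last) pair
    of consecutive sequence numbers that were answered."""
    seqs = sorted({int(m.group(1)) for m in REPLY.finditer(ping_output)})
    sent = SENT.search(ping_output)
    total = int(sent.group(1)) if sent else (seqs[-1] if seqs else 0)
    runs = []
    for s in seqs:
        if runs and s == runs[-1][1] + 1:
            runs[-1] = (runs[-1][0], s)   # extend the current run
        else:
            runs.append((s, s))           # gap seen: start a new run
    return runs, total


def boot_window(ping_output, interval=1.0):
    """First answered run that is followed by silence: the host was
    reachable before filtering began. Returns None if the host never
    answered or was still answering when the capture ended."""
    runs, total = reply_runs(ping_output)
    if not runs or runs[0][1] >= total:
        return None
    first, last = runs[0]
    return {"first_seq": first, "last_seq": last,
            "seconds": (last - first + 1) * interval}


if __name__ == "__main__":
    print(boot_window(SAMPLE))
```

Ping only shows ICMP echo reachability, so the result is a lower bound on how long the unfiltered OS was exposed; a later second run of replies, as described in the reply above, depends on the rule set.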
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:40:54 PDT