Re: Ambiguities in TCP/IP - firewall bypassing

From: Luis Bruno (lbrunoat_private)
Date: Fri Oct 18 2002 - 23:04:27 PDT


    Alan DeKok wrote:
    > Benjamin Krueger <benjaminat_private> wrote:
    > > > [snip RFC 1025 (TCP and IP bake-off)]
    > > 
    > >   Identify what the packet should be, and treat it as such? If that is
    > > the correct way to handle these packets, then these stacks are correct.
    > 
    >   So... what should the packet be?  As I said, the spec is ambiguous.
    > If you don't know what the packet is, you obviously don't know how to
    > treat it.
    
    Think of ECN; should older stacks simply reject a packet with Syn+0x42
    because they don't know what 0x42 is?
    
    If I've understood correctly, you were suggesting to drop "bad" packets.
    I agree; only let established traffic through your firewall, and only
    let packets with Syn or Syn+Ack set and with Fin and Rst unset establish
    state in the firewall. Ignore the rest of the flags.
    
    Of course, if anyone finds this un-interoperable, please chime in!
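
The rule proposed in the message above, written out as an added example that is not part of the original post or of any real firewall's code: a packet with no matching state may create it only if SYN is set and FIN and RST are clear, with ACK and all other bits (such as the 0x40 in Syn+0x42) ignored. The `flow` struct, the fixed-size table, and the function names are hypothetical, and state teardown and timeouts are left out.

```c
#include <stdint.h>

#define TH_FIN 0x01
#define TH_SYN 0x02
#define TH_RST 0x04

enum verdict { DROP = 0, PASS = 1 };

/* Hypothetical flow key and fixed-size state table (assumptions of this sketch). */
struct flow { uint32_t src, dst; uint16_t sport, dport; };
#define MAX_FLOWS 64
static struct flow table[MAX_FLOWS];
static unsigned nflows;

/* SYN set, FIN and RST clear. ACK and every other bit (e.g. 0x40) is ignored,
   so both SYN and SYN+ACK qualify while SYN+FIN and SYN+RST do not. */
int may_create_state(uint8_t flags)
{
    return (flags & (TH_SYN | TH_FIN | TH_RST)) == TH_SYN;
}

/* A packet is established traffic if it matches an entry in either direction. */
static int known(const struct flow *f)
{
    for (unsigned i = 0; i < nflows; i++) {
        const struct flow *t = &table[i];
        int fwd = t->src == f->src && t->dst == f->dst &&
                  t->sport == f->sport && t->dport == f->dport;
        int rev = t->src == f->dst && t->dst == f->src &&
                  t->sport == f->dport && t->dport == f->sport;
        if (fwd || rev)
            return 1;
    }
    return 0;
}

/* Established traffic passes; otherwise only a clean SYN or SYN+ACK opens state. */
enum verdict filter(const struct flow *f, uint8_t flags)
{
    if (known(f))
        return PASS;
    if (!may_create_state(flags) || nflows == MAX_FLOWS)
        return DROP;                 /* stray ACK, SYN+FIN, RST, or table full */
    table[nflows++] = *f;
    return PASS;
}
```
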
    


