Re: [fw-wiz] OBSD reaction to CERT advisory

From: Darren Reed (darrenrat_private)
Date: Wed Oct 09 2002 - 17:48:00 PDT

    In some email I received from Daniel Hartmeier, sie wrote:
    [...]
    > And, yes, based solely on code inspection, I'm very confident that
    > IPFilter is vulnerable to this attack.
    
    Note, this statement: "code inspection".  Not a code walk through or
    even an actual test.
    
    > If anyone fancies a little
    > competition, set up an ftp server behind an IPFilter firewall. Allow me
    > to connect to the ftp server (using passive mode, so the in-kernel ftp
    > proxy allows incoming ftp data connections). Set up a fake target, like
    > an echo "secret" inetd.conf entry, and absolutely filter any access to
    > that port on the firewall. If I can connect to that port and get the
    > secret, I win. How much are you betting?
    
    How much are you prepared to lose?
    
    Darren
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizardsat_private
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    


