Excuse me for the ignorance, but I would like to ask if the community considers ipchains rules containing the -y flag as secure for the purpose of TCP filtering. Such a rule will prevent the stablishment of TCP connections to the host being firewalled. Is there a way to curcumvent such a protection? I am mostly interested if direct attacks (as if there is no firewall rule at all) are possible. I know that if there is a broken proxy server or a web interface or something else that can be used as a launch pad, such filters may not help. However, what can an attacker do to a filtered service if no other vulnerable or insecure service exists? We assume that there are no UDP services running on the machine being firewalled (as -y filters do not apply to those) and that the TCP/IP stacks are stable enough (no DoS conditions, floods, etc.). Yes, I know that port scanners can bypass -y filters and still map the host being firewalled, however is there more that can be done against such a host? Thanks in advance. Philip
This archive was generated by hypermail 2b30 : Mon Jun 04 2001 - 10:16:23 PDT